Security Flaw in iOS 9.3.1 Allows Access to Contacts and Photos Without Passcode [Video]

POST

MAIL

Posted April 5, 2016 at 1:43pm by iClarified

A security flaw in iOS 9.3.1 allows access to your contacts and photos without entering a passcode. The vulnerability was discovered by Jose Rodriguez.

The procedure involves using Siri to initiate a Twitter search then using a 3D Touch gesture on contact information to bring up the Quick Actions menu. Tapping Add to Existing Contact brings up your full contact list and adding a photo to the contact brings up your entire photo library.

To protect yourself from this security flaw, you can turn off access to Photos and Twitter for Siri. This can be down from the Settings -> Privacy ->Photos and Settings->Privacy->Twitter menus.

Take a look at the video below for more details...

[via DailyDot] [via MacRumors]

Follow iClarified

Add Comment

Would you like to be notified when someone replies or adds a new comment?

Yes (All Threads)

Yes (This Thread Only)

Notifications

Would you like to be notified when we post a new Apple news article or tutorial?

Yes

Comments (31)

You must login or register to add a comment...

Add Comment

ltamborrell - April 6, 2016 at 2:53pm

The problem is already fixed so shut it!

Reply · Like

clown - April 6, 2016 at 12:06am

Clown found the passcode text mesaage, phone call , search web flaw in siri.

Reply · Like

clown - April 5, 2016 at 8:45pm

Say hey siri text (input phone number) will text anyone you want . Also searched the web for that name, it bypassed the passcode once i think but not again

Reply · Like

qba - April 5, 2016 at 8:03pm

9.0.2 is the most stable release period

Reply · Like

SeanBenzy - April 5, 2016 at 7:47pm

Correction, it is allowing for the first time but if you repeat the process Siri is asking for the screen to be unlocked, so yes we need 9.3.2

Reply · Like

clown - April 5, 2016 at 7:23pm

The lockscreen should disable the phone book completely unless , you allow a emergency phone number other then 911

Reply · Like

clown - April 5, 2016 at 7:22pm

Not correct i jus did it. Hey siri call xyz number with passcode enabled. This is needs a software fix

Reply · Like

Daf - April 5, 2016 at 7:10pm

It's fixed inside the siri servers.

Reply · Like

gamerscul9870 - April 5, 2016 at 6:41pm

Apple is Apple, just usually one problem to fix, but let it be known, there's has been one bug after another update after update before, and they can get out of this again. Apple isn't on self destruct just because of another minor problem.

Reply · Like

RWR - April 5, 2016 at 7:31pm

But what they will do is fix this bug, and produce 10 other bugs.

Reply · Like

gamerscul9870 - April 5, 2016 at 7:35pm

What's the worse that could happen? That many bugs though?

Reply · Like

clown - April 5, 2016 at 5:59pm

Say hey siri ( or othertimes works without) hey siri call ( number) , send message , etc. works fine

Reply · Like

SeanBenzy - April 5, 2016 at 5:42pm

I just did the same and every time Siri asked me to unlock my iPhone first so I am not sure what these people are talking about.

Reply · Like

clown - April 5, 2016 at 5:18pm

You can even use siri with passcode enabled to search the web from lock screen, make phone calls, send messages, send locations. Wow what a greatt update.

Reply · Like

Amatmulisha - April 5, 2016 at 4:51pm

This is what they call ios 9.3 is the most stable os ever?are u kidding me?ios 8 and above is the best and stable for me.9 and above just suck and full with bugs.

Reply · Like

MATTt - April 5, 2016 at 7:32pm

I think you meant to say iOS 6.

Reply · Like

clown - April 5, 2016 at 3:12pm

Try it out , you should not be able play music from lock screen or send messages that is flaw

Reply · Like

clown - April 5, 2016 at 3:06pm

You can also send messages with pass code and play music

Reply · Like

Bla bla bla - April 5, 2016 at 3:03pm

It works only for phones with force touch..