Apple fixes the Siri lockscreen bypass vulnerability
Apple recently discovered an iOS lockscreen bypass vulnerability which allowed unauthorised access to a user’s Contacts and Photos has been fixedtech Updated: Apr 06, 2016 14:38 IST
Apple has reportedly confirmed that they have fixed the iPhone Siri bug that allowed anyone access to conatcts and photo albums.
In a statement to The Washington Post, a Apple representative confirmed that a fix has now been rolled out. The statement further added that users should get the fix without the need for a software update.
The patch arrives in less than a day after the video was posted on YouTube explaining the lockscreen vulnerability, which was discovered by YouTube user Jose Rodriguez. He posted a video showing how anyone can bypass the lockscreen on 3D Touch enabled iPhones and get access to contacts and photos without a passcode or a fingerprint scanner.
Though for anyone to take undue advantage of the exploit, it only happens when users allow Siri to access their Twitter account, which requires their passcode or a fingerprint scanner on iPhones featuring Apple’s pressure sensitive Force Touch technology.
Detailing the scenario in the video, the user first asks Siri to perform a Twitter search for a tweet containing an email address, and performing a 3D Touch gesture on resulting link allowed access to Contacts and Photos.