iOS 9.3 News Update: Apple Fixed Bug That Allowed Photos And Contacts Access Without Passcode
Apple fixed a major security flaw in iOS 9.1.3 that allowed access to photos and user contacts without a passcode.
The bug only affects iPhone 6 and iPhone 6S as it requires 3D Touch to perform the exploit. Users will have to activate Siri and ask it to search Twitter for an email address. Selecting a tweet with an email address and using 3D Touch to add the mail to contacts allows access to photos and other contacts. All this can be done without entering the phone's passcode.
Users who tried exploiting the bug on their iPhones failed in few first attempts. However, Siri later complied. If Twitter access to Siri is not allowed, the bug cannot be exploited. The loophole came to light through a YouTube video that demonstrated how the bug can be exploited.
Apple reportedly admitted the existence of bug and issued a fix without requiring a manual download. The fix comes just a week after iOS 9.3.1 was released to address app-crashing.
Security of iPhones was hugely debated after Apple refused to heed a government request to unlock the iPhone 5c of San Bernardino shooter Syed Rizwan Farook. Eventually, third-party service providers helped the government bypass the phone's passcode and unlock it.
In related news, rumors that Apple has provided developers with beta iOS 9.3.2 are doing the rounds. Accordingly, iOS 9.3.2 largely contains improvements and fixes over 9.3.1. The iOS 9.3 was released about two weeks ago with features like Night Mode.
Apple's release of updates in quick succession has earned it appreciation from its user and from the tech community. Additionally, its openness to admit to flaw and issue quick fixes marks a policy shift; earlier, the company reportedly would not comment or open-up flaws, while updates or fixes were few and far in between.