Well, that was fast. Less than 24 hours after it was picked up by the media, the iOS security flaw which let anyone access a locked iPhone 6S/6S Plus contacts and photos without a password was fixed -- and it didn't even require a software download.
Apple confirmed in a statement to the Washington Post that the bug was fixed Tuesday morning. The fix seems to consist in Siri not being allowed to search Twitter on a locked phone under any circumstances. I've tested this and, unlike yesterday, I was unable to perform any kind of Twitter search through Siri unless I unlocked the device first.
While it only worked with 3D Touch devices and in certain conditions -- namely, you needed to have Siri integrated with Twitter and Photos -- the bug was quite a serious one, as it basically bypassed iPhone's security, and potentially opened the door to other exploits.
Case in point: 9to5Mac reports that, along with this fix, Apple quietly fixed another Siri bug, which let users turn on the Night Shift feature while the device is in Low Power Mode. While that's less of a security issue, it shows that Siri can be tricked to perform a number of actions on your phone that you otherwise wouldn't able to do.
The bug (and the fix) come hot on the heels of a widely publicized court battle between Apple and the FBI, which needed Apple's help in order to crack open an iPhone 5C once belonging to San Bernardino gunman Syed Farook. Much has been made of the iPhone's hack-proof security, but the latest security flaw shows that no device, including the very latest iPhones, is fully impenetrable.
Have something to add to this story? Share it in the comments.
