Early this morning, we told you about a new iPhone 6s passcode bypass vulnerability that allowed handlers to access photos and contact details without needing to verify with a passcode or Touch ID. The Lock screen vulnerability was made possible by Siri, and let users bypass the security provided by the Lock screen passcode and/or Touch ID.
If there’s a positive spin to put on such a vulnerability, it’s that fixes can be implemented server side without the need for an iOS update. Apple today has fixed the passcode bypass method by forcing Siri to request your Lock screen passcode whenever a user tries to search Twitter via Siri while at a secured Lock screen
If you ask Siri to “Search Twitter” while at the Lock screen, you’ll now receive a response that says “you’ll need to unlock your iPhone first.” Previously, Siri would simply ask what the user would like to search for. The fix, which was apparently implemented sometime today, prevents handlers from accessing sensitive photos or contact information without first entering their passcode.
It also seems that Apple has fixed another bug, one much less nefarious, which let you activate Night Shift Mode while Low Power Mode is enabled. That trick, too, relied on Siri. Now, when you ask Siri to enable Night Shift while Low Power Mode is enabled, you’re met with a response that says: “In order to turn on Night Shift, I’ll have to turn off Low Power Mode. Shall I continue?”
Previously, users were able to enable both Night Shift and Low Power Mode by means of Siri.
Thanks to Gary and Peter for the tips.
