An iOS vulnerability that permitted nefarious people to gain access to Contacts and Photos data has been fixed swiftly without the need for a software update. A server-side fix has patched a security hole in Siri which allowed the personal digital assistant to use email links in tweets to gain access to contacts and photos on a locked iPhone 6s running iOS 9.3.1. Apple has confirmed to The Washington Post that it’s fixed the flaw on its servers.
Jose Rodriguez, who first detailed the flaw, is now demanding on Twitter that Apple launch a bounty program similar to other companies that would reward well-intentioned hackers who would discover critical flaws in iOS and OS X with cash.
I just found a new
Photos and Contacts
iPhone 6S + iOS 9.3
Waiting for Apple
bug bounty program
It is true, I'm not bluffing
— Jose Rodriguez (@VBarraquito) March 31, 2016
The Siri flaw was limited to devices with 3D Touch—the latest-generation iPhone 6s and iPhone 6s Plus—set up so that Siri can be invoked on the Lock screen and has access to your Twitter account and Photos library.
Source: The Washington Post