Server-side patch fixes vulnerability that allowed access to Contacts and Photos on iPhone 6s

iPhone 6s Siri image 001

An iOS vulnerability that permitted nefarious people to gain access to Contacts and Photos data has been fixed swiftly without the need for a software update. A server-side fix has patched a security hole in Siri which allowed the personal digital assistant to use email links in tweets to gain access to contacts and photos on a locked iPhone 6s running iOS 9.3.1. Apple has confirmed to The Washington Post that it’s fixed the flaw on its servers.

Jose Rodriguez, who first detailed the flaw, is now demanding on Twitter that Apple launch a bounty program similar to other companies that would reward well-intentioned hackers who would discover critical flaws in iOS and OS X with cash.

The Siri flaw was limited to devices with 3D Touch—the latest-generation iPhone 6s and iPhone 6s Plus—set up so that Siri can be invoked on the Lock screen and has access to your Twitter account and Photos library.

Source: The Washington Post