A Siri vulnerability discovered last night that allowed access to a user’s photos and contacts on a locked iPhone running iOS 9.3.1 has been patched by Apple through a server-side update.
Shared last night by Jose Rodriguez, the vulnerability used Siri’s ability to access Twitter to find an email link or phone number, which could be pressed to open up an editable list of contacts even on a device that was locked. Through access to contacts, a user’s full photo library was also visible.
The vulnerability only worked on the iPhone 6s and iPhone 6s Plus, since it required 3D Touch for quick access to the Contacts and Photos apps. Now that Apple has patched the vulnerability, it is no longer possible to do a Twitter search via Siri on a locked iPhone. Attempting one now prompts Siri to say that you will need to unlock your phone first.
Additionally, Apple fixed another, lesser-known Siri-related bug that made it possible to enable Night Shift mode on an iPhone or iPad after Low Power Mode was enabled. Doing so now makes Siri warn you that Low Power Mode will be disabled if Night Shift is enabled. This means that it is no longer possible to use Night Shift with Low Power Mode enabled. This functionality used to work in the early betas of iOS 9.3, but Apple eventually removed it.