Apple exterminates Siri lock screen bug with server side fix

Apple exterminates Siri lock screen bug with server side fix
Yesterday, we told you about a Siri search bug that allowed someone borrowing an Apple iPhone 6s or Apple iPhone 6s Plus, to break into the Contacts or Photos apps. This would be accomplished by asking Siri to do a Twitter search. If Siri is enabled to integrate with Twitter, and you use 3D Touch, breaking into the Contacts app is as simple as tapping on "Add to existing contacts." From there, getting into the Photos app is a snap. Following this process keeps the hacker from having to unlock an iPhone by punching in the passcode.

Instead of sending out a software update to fix the issue, Apple has already made a server-side fix that shuts the door on this exploit. Now, those following the process that allowed them to break into the Contacts and Photos apps of a vulnerable iPhone 6s or iPhone 6s Plus, will be prompted for information that will verify their identity, or stop them from advancing any farther.

We imagine that Apple decided that after rolling out iOS 9.3 and quickly following with iOS 9.3.1, that it would look better from a public relations standpoint not to send out another software update so soon. After all, iOS 9.3.1 was sent out just six days after iOS 9.3 to fix a problem that caused app links to freeze, hang or crash. And a new update to iOS 9.3.2 would have been sent out just seven days later.

Instead, Apple went with the server side fix. The most important thing though, is that the Siri search bug has been exterminated. For Apple, the fact that it was able to do this without alerting the public is just an additional plus.

source: RedmondPie
Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless