Apple's software updates for the iPhone, iPad, and Apple Watch have been out for a couple of days, and so far, the rollout isn't exactly going smoothly. The company had to pull WatchOS 5.1 after receiving reports that the update bricked certain Apple Watch Series 4 units, and now, it appears that some issues have slipped into the latest version of iOS as well.
A lockscreen security flaw that is specific to iOS 12.1 has been discovered by Jose Rodriguez. On October 31, the YouTuber uploaded a video showing how lockscreen passwords on an iPhone can be bypassed in order to gain access to the owner's contact list via Siri.
Asking the voice assistant to make a phonecall and then switching to FaceTime allows attackers to exploit the new group FaceTime feature into adding more people to the call. From there, the user's complete contact list is exposed, and malicious parties can even use 3D Touch in order to get more info on people on the list.
Keep in mind that this exploit requires the attacker to have physical access to your phone, so we recommend that you don't leave it unattended. Apple will most likely address the issue soon, but if you want an immediate fix, just disable the activation of Siri from your lock screen. This is done by going to Settings -> Siri & Search -> Access When Locked.