Vulnerability Management

New iOS 9 workaround exposes contacts and photos, even without proper passcode

A recently discovered flaw in iOS 9 could allow a person to view any Apple device's contacts and photos without entering the proper passcode.

An uploaded video from Jose Rodriguez showed him entering the wrong PIN four times. He then tried a fifth time, but instead, only typed three numbers and then held down the home button. This activated Siri, at which point he asked "her" for the time. When she answered, he navigated to the phone's Search and Share function and continued clicking through to ultimately access and message contacts, view the user's contacts and browse photos.

The photos, for instance, are exposed when navigating to add a new contact. From there, the unauthorized user can click to add a photo to a contact, thereby leading to the phone's gallery.

Rodriguez suggests disabling Siri as one way to falling victim to the workaround.

[hm-iframe src="" width="416" height="296" frameborder="0" scrolling="no"]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.