Apple released iOS v9.3.1 firmware to fix the browser freeze bug last week, but it was later found that the update had a much more serious glitch, which compromised the security of the iPhone 6S series devices.
It was reported that any user can open the virtual digital assistant Siri and bypass the fingerprint-based Touch ID and Passcode to unlock the screen and access photos and the contact list of the devices.
This glitch was first reported by a YouTube user who goes by the name Videosdebarraquito. In the video demo, he asks Siri to search Twitter on a locked iPhone 6S. To that, the digital assistant lists recent Twitter chats without asking for authorisation. Videosdebarraquito selects a random tweet and then the "Quick Actions menu" of the 3D Touch feature gets activated and asks the user if he wants to create a new contact with the "Add To Existing Contact" option. Upon progressing to the next step, the iPhone asks the user if he wants to attach a picture to the new contact and opens all the images in the Photo app. This procedure also usually requires authorisation. [Check out the video demo HERE]
Thankfully, this loophole was found to be limited to the iPhone 6S and iPhone 6S Plus.
Taking note of the severity of the issue, Apple confirmed April 5 the company had plugged the loophole within hours of the Siri bug report making headlines, the Washington Post reported, citing Apple's official spokesperson.
Apple iPhone 6S and iPhone 6S Plus owners need not wait for any update as the company has fixed it on their servers.
Though Apple has managed to fix the glitch in record time, this has dented the company's image because the new iOS v9.3 update was tested for one and a half months, during which seven beta versions were released to Apple's registered software developers to find any irregularities in it, and yet two major issues — the activation bug and the browser freeze — were detected in the firmware. And now the bug in Siri was found in the new iOS v9.3.1, which just got patched.