A flaw that was first publicised on Monday used Siri to run a Twitter search that could look for any results with an email address. As a result, on an iPhone 6S or 6S Plus, you could then “force tap” the email link to access the pressure-sensitive 3D Touch menu and choose the option Add to Existing Contact, giving you access to all of the contacts on the iPhone. Furthermore the bug let people select Create a New Contact and add a photo to that contact, thus providing access to all photos stored on the phone.
Apple have been quick on the job and repaired the bug on their end, sparing users from having to install another update. However, the flaw has existed since iOS 9.0 which came out in September 2015, it did require certain conditions to be exploited. For instance only the iPhone 6S and iPhone 6S Plus were vulnerable and you also had to grant Siri access to your Twitter and Photos apps.
Apple has remedied the problem of Siri running a search on Twitter by now requesting the user to enter their passcode every time Siri is asked to conduct a Twitter search. Flaws like this are still a scary possibility as not every weakness can be found, resulting in companies doing their utmost to protect the privacy of their users. One will remember Apple’s recent battle with the FBI and WhatsApp’s even more recent implementation of end-to-end encryption.
