Apple has already released its first update for the release iOS, the version iOS 9.0.1 was issued last week to fix a number of bugs.
Last week Jose Rodriguez reported the lock screen bypass vulnerability affecting the iPhone devices, today I have to inform you that the last update doesn’t fix the security issue.
The flaw is considered serious because it allows bypassing the lock screen mechanism that protects the iPhone and the iPad from unauthorized access. An attacker can access users’ contacts and personal photographs bypassing the lock screen mechanism implemented in iOS 9.0 and iOS 9.0.1 versions.
Rodriguez has published a step-by-step guide to bypass the lock screen mechanism that normally requests the passcode on iOS 9 and iOS 9.0.1 devices.
Let me remind you that the attack relies on the Apple’s personal assistant Siri, other security experts have verified the lock screen bypass vulnerability affects all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.
The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.
Waiting for a patch, iOS users can disable Siri on the lock screen by modifying the settings of the device from
Settings > Touch ID & Passcode
Once disabled, users will be anyway able to continue using Siri after unlocked their iOS 9 based device.
Edited by Pierluigi Paganini
(Security Affairs – iOS 9.0.1, Lock Screen Bypass flaw)