Apple recently released its first update to the new iOS 9, but experts noticed that it doesn’t fix the lock screen bypass vulnerability.
Apple has already released its first update for the release iOS, the version iOS 9.0.1 was issued last week to fix a number of bugs.
Last week Jose Rodriguez reported the lock screen bypass vulnerability affecting the iPhone devices, today I have to inform you that the last update doesn’t fix the security issue.
The flaw is considered serious because it allows bypassing the lock screen mechanism that protects the iPhone and the iPad from unauthorized access. An attacker can access users’ contacts and personal photographs bypassing the lock screen mechanism implemented in iOS 9.0 and iOS 9.0.1 versions.
Rodriguez has published a step-by-step guide to bypass the lock screen mechanism that normally requests the passcode on iOS 9 and iOS 9.0.1 devices.
Let me remind you that the attack relies on the Apple’s personal assistant Siri, other security experts have verified the lock screen bypass vulnerability affects all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.
The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.
Waiting for a patch, iOS users can disable Siri on the lock screen by modifying the settings of the device from
Settings > Touch ID & Passcode
Once disabled, users will be anyway able to continue using Siri after unlocked their iOS 9 based device.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.