The vulnerability was discovered by YouTuber Jose Rodriguez, and only affects the iPhone 6S and the 6S Plus as it involves 3D Touch. In the video, Rodriguez initiates a Twitter search via the “Hey Siri” feature, without unlocking the phone. His search of a contact brought up contact information, allowing him to press down on it with 3D Touch to bring up a Quick Actions menu.
The Daily Dot found that you can ask Siri to search Twitter for “@gmail.com” or any other second half of an email address to pull up a contact’s informatiom. When you see a tweet with an email address, that’s when you can bring up the Quick Actions menu.
Rodriguez then taps “Add to Existing Contact,” which brings up his entire Contacts list, and he follows that by tapping on a contact and hitting “Add Photo,” which then offers full access to his photo library.
Essentially, Rodriguez shows the flaw could offer someone else using a locked device access to Twitter contact information, your contacts, and your photos. Do note that it’s only possible to access if you have granted Siri access to Contacts, Photos, or Twitter account information.
It also seemed to vary as to whether you can access this Twitter search without providing a passcode — most of the time Siri asked for a passcode, but some times it randomly went ahead with the search.
An Apple spokesperson says the issue was fixed this morning, and the fix is rolling out server side globally.
If you’re still wary, you can turn off Siri’s access to search Twitter by heading to Settings, finding Twitter, and toggling Siri off.
Editors' Recommendations
- Nomad’s new iPhone case and Apple Watch band may be its coolest yet
- Here’s how Apple could change your iPhone forever
- This one thing could make iOS 18 the best iPhone update in years
- Everything you need to know about the massive Apple App Store outage
- The 7 biggest features we expect to see in iOS 18
