Several days ago, Apple released the iOS 9.3.1 update. This update fixed one of the annoying issues with iOS 9.3, which was that it finally got links to work properly again. Unfortunately it seems that fixing one problem has led to a new problem being discovered, and this time the problem is more worrying than annoying.
Initially discovered by Jose Rodriguez and uploaded onto YouTube, basically what happened is that iOS 9.3.1 has a security flaw that allows non-authorized users to access the photos on your iPhone and your contacts without having to log into your device using Touch ID. The exploit has since been verified by the folks at MacRumors.
Basically this flaw appears to have something to do with Twitter and Siri, in which through a somewhat convoluted method, users can access photos and contact by launching Siri and calling it to initiate a Twitter search. Now the upside is that this only affects users who have previously granted Siri permission to access their Twitter account information.
If you have not done this, your device is safe until you do. However if you haven’t done this, then you’ll need to go into your Privacy settings and disable Siri for Twitter and your Photos and Contacts. We can only assume that Apple is aware of this issue and hopefully a future update will close this security hole.