Vulnerability Lab researchers claim that multiple passcode bypass vulnerabilities are present in Apple iOS versions 9.0, 9.1 and 9.2.1, but Apple denied those claims.
The vulnerabilities are reportedly in the Appstore, Buy more Tones or Weather Channel links of the Clock, Event Calendar and Siri user interfaces, according to a Monday post.
The researchers said the bugs can be exploited by an attacker who has physical access to the device and without a privileged or restricted device user account.
The post detailed four ways to trigger the vulnerabilities by making voice requests through Siri and using an internal browser link request.
End users can temporarily patch the vulnerabilities by "hardening of the device settings" by deactivating the Siri module and other features, researchers said.
Apple denied the vulnerabilities existed and told SCMagazine.com that each of the exploits requires an enrolled fingerprint with Touch ID or a passcode.