Apple denies researchers' claims of bypassing iOS passcode using Siri

News by Robert Abel

Vulnerability Lab researchers claim to have spotted multiple passcode bypass vulnerabilities in the latest Apple iOS systems.

Vulnerability Lab researchers claim that multiple passcode bypass vulnerabilities are present in Apple iOS versions 9.0, 9.1 and 9.2.1, but Apple denied those claims.

The vulnerabilities are reportedly in the Appstore, Buy more Tones or Weather Channel links of the Clock, Event Calendar and Siri user interfaces, according to a Monday post.   

The researchers said the bugs can be exploited by an attacker who has physical access to the device and without a privileged or restricted device user account.

The post detailed four ways to trigger the vulnerabilities by making voice requests through Siri and using an internal browser link request.

End users can temporarily patch the vulnerabilities by "hardening of the device settings" by deactivating the Siri module and other features, researchers said.

Apple denied the vulnerabilities existed and told that each of the exploits requires an enrolled fingerprint with Touch ID or a passcode.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews