It was revealed that by inputting the password incorrectly a few times, and then, on the last try, before the 1-minute lockout initiated, accessing Siri would subsequently provide access to the Photos and Contacts applications. While that’s only two apps, it’s obviously two too many, so a patch was required right away.
As such, Apple has provided that fix with the release of iOS 9.0.2, which was released today, September 30. As Apple notes, this release fixes the security flaw. Apple also states this fix is meant for the iPhone 4s and later, was well as the iPod touch (5th Gen.) and later, as well as the iPad 2 and later:
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
That’s a relatively quick turnaround on another lock screen security flaw, so that’s good news across the board.[via Apple]