iOS 9.0.2 fixes the lock screen security flaw that could access Photos and Contacts without passcode

ios-9 logo

Back on September 24, a lock screen bypass was discovered in iOS 9 that allowed limited access to apps on the device, without entering the required passcode.

It was revealed that by inputting the password incorrectly a few times, and then, on the last try, before the 1-minute lockout initiated, accessing Siri would subsequently provide access to the Photos and Contacts applications. While that’s only two apps, it’s obviously two too many, so a patch was required right away.

As such, Apple has provided that fix with the release of iOS 9.0.2, which was released today, September 30. As Apple notes, this release fixes the security flaw. Apple also states this fix is meant for the iPhone 4s and later, was well as the iPod touch (5th Gen.) and later, as well as the iPad 2 and later:

Lock Screen

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen

    Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.

That’s a relatively quick turnaround on another lock screen security flaw, so that’s good news across the board.

[via Apple]