Apple has confirmed a privacy bug in its iPhone that allows the Siri voice assistant to read out messages from locked screens – even if the messages are hidden.
First discovered by Brazilian websiteMac Magazine, the privacy bug enables anyone to access third-party hidden messages that appear as notifications on locked iPhones. All they need to do is ask Siri to read them.
Netflix Opens Public Bug Bounty Program with $15K Payout Cap
Apple Tackles Cellebrite Unlock Claims, Sort Of
Apple Rushes Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads
“We are aware of the issue and it will be addressed in an upcoming software update,” an Apple spokesperson told Threatpost.
The glitch allows Siri to read messages that are received from an array of third-party apps, including Facebook Messenger, WhatsApp, Telegram, Skype, and Signal. However, the glitch doesn’t apply to Apple’s iMessage or SMS texts.
While Siri remains locked down when it comes to Apple’s own software, the voice assistant can be directed to read out email messages on third-party apps as well – including Gmail – such as the sender, subject, and parts of the message.
The bug is reportedly in iOS 11.2.6 and the beta version of iOS 11.3. Mac Magazine said that it reported the glitch to Apple.
While iPhone users wait for the fix, which will be delivered at an unspecified time, there are two workarounds that exist to secure their privacy.
-Turn off screen notifications for sensitive apps (Go to the app in Settings > Notifications > Show on Lock Screen)
-Disable Siri whenever the device is unlocked (Go to Settings > Siri & Search > Allow Siri When Locked)
Apple has faced a slew of security glitches over the past few months. In November, researchers showed that Apple’s biometric authentication Face ID technology could be fooled to unlock the phone using a 3D print mask.
More recently, in February the smartphone maker confirmed a leak of its iBoot source code, parts of which experts say are likely still in use by the latest version of Apple’s iOS 11.