Your phone, as you know, has a lock screen. Your phone also has Siri. Siri can be accessed even when the phone is locked.
Prior to the fix, you could ask Siri to do an image search based on file names containing the “@” symbol in Twitter, Facebook, or Yahoo. This, of course, would result in an email address being found. Using the 3D Touch menu, a user could, at that point, bring up a contextual menu for that item, which would offer to add the address to your address book.
At this point, even though the phone is locked, the hacker has access to your address book in its entirety, because all he would have to do is search on just the “@” symbol, and it would show all email addresses in the phone.
Additionally, the hacker would also have access to your photos, because one of the things you can do when in the address book is to set an image association with a given address book entry. Needless to say, this is not at all what was intended, and the company took immediate steps to prevent any of this from occurring as soon as it came to light that it was possible.
The problem was initially discovered by the German security firm, Evolution Security, so kudos to them for good sleuthing, and kudos to Apple for their quick response. Unfortunately, this was not the first bypass technique to be discovered, and it almost certainly will not be the last, but Apple continues to burnish its reputation as being extremely quick to resolve issues as they are discovered, lending peace of mind to the legions of users of the company’s products.
If you own an iPhone 6 or iPhone 6s, it is very important to make sure you have the latest updates, or you may fall victim to this vulnerability. Go to your settings screen and check to see if any updates are available. If you have available updates, make sure to back up and sync, then update to make sure your phone is secure.