Update: An Apple spokeswoman confirmed that the bug was fixed Tuesday morning. Most consumers should have a fix in place -- without the need for a software update.
Original post: A video of a newly discovered bug in Apple's iOS 9.3.1 operating system is making the rounds, showing that it's possible to access an iPhone user's contacts and photos without entering a passcode or scanning a fingerprint.
It does require a very particular set of circumstances. For one, you have to allow Siri to have access to your Twitter account, which should require your passcode or fingerprint. You also have to have a phone that can use Apple's pressure-sensitive Force Touch, namely an iPhone 6S or iPhone 6S Plus. Finally, at least according to the video, you have to find a tweet that contains someone's e-mail address (or just something formatted like an e-mail address) in order to use 3D Touch and call up the contacts menu.
If all those circumstances are met, it's then very easy to push down on the part of the message containing the address and call up a menu to add a new contact or edit an existing contact. Doing so takes you to your phone's address book. If you opt to edit the photo in an existing contact or add one to a new contact, you can also choose to use a photo from your phone's camera roll -- all without a pass code.
You can see the bug in action here:
While it's perhaps unlikely that someone would come across this bug accidentally, it could be easy to trigger if you're looking for it. Someone could tweet an e-mail address from their account for this purpose or, as I did to duplicate this bug, could simply do a search for something like "outlook.com" or "gmail.com" to find a message that then allows access to the contacts menu.
Disabling Siri's access to Twitter did not appear to fix the problem; disabling Siri, of course, does. Apple did not immediately reply to a request for comment.
The YouTube channel that posted the video showing the bug, has several other clips of ways to get certain parts of the iPhone without having to enter a code or fingerprint on Apple's lockscreen. Many of these techniques involve Siri -- though some have since been fixed. The Twitter account associated with the YouTube channel belongs to a man calling himself Jose Rodriguez, and calls for Apple to launch a "bug bounty" program that would pay well-intentioned hackers to find problems like this and bring them to the company's attention.
In the past, Apple has often issued fast fixes to its operating system after articles or videos detailing flaws circulate around the Web.
This post has been updated.