In the latest update to iOS 9, Apple has fixed a major security flaw that allowed anyone to obtain easy access to personal data such as photos, contacts and messages on iOS devices protected with PIN. The exploit was discovered within a few days of the public release of iOS 9, which commenced on 16 September.
The hack that allows access of owner's private data using Siri, was present in both iOS 9 as well as in its next version 9.0.1. Although a workaround was available by disabling Siri when the iPhone is locked, there was no official fix until the release of iOS 9.0.2. Apple has posted a document on its support site that describes the security content of iOS 9.0.2:
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
Apart from this, the iOS 9.0.2 brings a host of fixes and improvements on iPhone, iPad and iPod touch. Meanwhile, the company has stopped signing iOS 8.4.1 and 9 firmware, making it impossible for those who wish to perform a downgrade or upgrade.