CVE CyberSecurity Database News

CVE-2023-41988 - How Siri Let Attackers Peek at Your Data on Locked Apple Devices

Poster -

In October 2023, Apple released a crucial patch for a vulnerability tracked as CVE-2023-41988, quietly plugging a hole that could let someone with physical access to your iPhone, iPad, Apple Watch, or Mac see sensitive data—even when your device was locked. This article breaks down how the exploit worked, the fix Apple rolled out, and what you should know to protect your information.


TL;DR:
CVE-2023-41988 was a bug where an attacker could use Siri on a locked device to get access to private user data. Apple fixed it in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1, and iPadOS 17.1 by limiting what Siri can do when your device is locked. If you haven't updated yet—do it now!

What Happened?

Apple's Siri assistant is designed to be helpful, even when your device is locked. For example, you might ask Siri to check the weather, send a text, or set a reminder, all without unlocking your phone. But with CVE-2023-41988, this convenience became a risk.

In short, a person holding your locked device could use Siri to bypass certain lock screen protections and access more information than they should—including possibly contacts, messages, or other personal data.

Here’s how Apple described the flaw

> *“An attacker with physical access may be able to use Siri to access sensitive user data. This issue was addressed by restricting options offered on a locked device.”*
> — Apple Security Updates, October 25, 2023

What Was the Exploit?

Apple did not release full technical details, but user reports and security researchers suggest the attack worked something like this:

Asks Siri to perform actions or access information.

4. Siri, due to a bug, over-shared and provided sensitive data that should have required device unlock.

Example

A code-level demonstration isn’t public (Apple prefers to shield such details until most users are patched), but here’s a simulated Siri interaction that demonstrates the risk:

// Attacker, holding a locked iPhone, says:
"Hey Siri, show me my contacts."

// Before the patch, Siri might’ve responded:
"Here are your contacts…" [Displays names & numbers]

// After the patch (iOS 17.1 and newer), Siri replies:
"You'll need to unlock your iPhone first."

Apple’s Fix

Apple’s response was to restrict the options available in Siri while the device is locked. Now, Siri won’t reveal sensitive data or perform critical actions unless the device is unlocked by its rightful owner.

Fixed in these versions

- iOS 17.1 and iPadOS 17.1: Release Notes
- macOS Sonoma 14.1: Release Notes
- watchOS 10.1: Release Notes

If you're running anything older, you are at risk and should update immediately.

Proof-of-Concept (PoC) Snippet

While Apple hasn’t released exact PoC code or explicit commands, testers simulated risky scenarios. A generic form:

// Simulated test: See what voice commands Siri accepts on locked screen

let commands = [
  "Show my recent calls",
  "Read my latest text",
  "Show my contact info"
]

for cmd in commands {
  // On a locked device, activate Siri and say cmd
  // Observe if any unexpected data is revealed
}

Expected (Patched): Siri should say data is inaccessible unless unlocked.

Update right now: Make sure your iPhone, iPad, Mac, and Apple Watch are running the latest OS.

- Restrict Siri Access: If you’re worried, you can turn off Siri on the lock screen. Here’s how:

Reading & References

- Apple’s Security Update - CVE-2023-41988
- iOS 17.1 Release Notes
- macOS Sonoma 14.1 Release Notes
- watchOS 10.1 Release Notes
- CVE-2023-41988 Entry

Final Words

CVE-2023-41988 might seem simple, but it shows just how tricky balancing convenience and security can be. Siri is handy—but for a little while, that came at the cost of your privacy. Luckily, good patching practices and Apple’s quick response mean this risk is now behind most users… as long as you stay updated.

Remember, physical access is often half the battle for attackers. Don’t help them out—keep your devices locked, and always update to the latest software!

Timeline

Published on: 10/25/2023 19:15:10 UTC
Last modified on: 11/02/2023 18:00:25 UTC