Low severity2.4NVD Advisory· Published May 20, 2016· Updated May 6, 2026

CVE-2016-1852

Description

Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In iOS before 9.3.2, Siri does not block data detectors in lock screen results, letting a physical attacker access contacts and photos.

Vulnerability

Siri in Apple iOS before 9.3.2 does not block data detectors within results when the device is in the lock-screen state. This allows a physically proximate attacker to obtain sensitive contact and photo information via unspecified vectors. The issue is addressed in iOS 9.3.2, affecting iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later [1].

Exploitation

An attacker with physical proximity to an unlocked but locked-screen device can invoke Siri and interact with data detectors in search results. No authentication or special permission is required beyond physical access to the device. The exact sequence of steps is not detailed by Apple but relies on the data detectors being active while the device is locked [1].

Impact

A successful exploitation allows a physically proximate attacker to gain access to sensitive contact information and photos stored on the device, potentially compromising user privacy. The attacker does not need to unlock the device, bypassing the lock-screen protection [1].

Mitigation

The vulnerability is fixed in iOS 9.3.2, released on May 16, 2016 [1]. Users should update their devices to iOS 9.3.2 or later. No workarounds are provided by Apple, and the issue is not listed on CISA's Known Exploited Vulnerabilities catalog.

References

About the security content of iOS 9.3.2 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=9.3.1
Apple Inc./iOSllm-fuzzy
Range: <9.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2016/May/msg00002.htmlnvdMailing ListVendor Advisory
www.securitytracker.com/id/1035890nvdThird Party AdvisoryVDB Entry
support.apple.com/HT206568nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.156
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000