Yesterday, the internet discovered a workaround that allows someone to access anyone's Photos or Contacts on an iPhone 6s or 6s Plus without using a password. The bypass took advantage of 3D Touch and Siri by allowing a third-party to search Twitter for valid email addresses. This allowed unauthorized users to create a new contact using the 3D Touch quick action menu without using a password or Touch ID. After creating the new contact anyone could then access the photos and contact information stored on any iPhone 6s device.
The good news is that Apple was able to fix the flaw without issuing a new iOS update. Siri will now tell a user to unlock their iPhone when asked to search Twitter from the Lock screen. This will force anyone trying to access the phone to use Touch ID or enter a password instead of allowing them to bypass your security features.
Apple also fixed a bug in Siri which allowed you to enable Night Shift when Low Power Mode was on. Siri will now tell you to disable Low Power Mode when asked to "turn on Night Shift."
Apple recently had to release iOS 9.3.1 to fix a bug casuing devices to crash when clicking links in Safari, Messages, Mail, Notes and other apps. As stated above, Apple did not need to release a new iOS update to fix the security issues surrounding Siri. This means iPhone 6s and 6s Plus owners do not need to worry about downloading anything to protect themselves from the Siri bypass bug.