Following an already embarrassing week for Apple after the Xcodeghost malware fiasco, the tech giant is faced with more scrutiny Wednesday when it was discovered that it’s new iOS 9 mobile operating system has shipped with a gaping security flaw.

The as yet named flaw is triggered on Apple iPhone and iPad devices running the new operating system and allows those using it to gain access to personal photographs and contacts even when the device has a passcode and/or Touch ID enabled.

The hack is at its base a combination of keystrokes and button pushing that allow users to bypass security on any iOS 9 device.

While not endorsing in any way iPhone hacking, it would be remiss to cover the story without explaining how easy it is to implement; do this only on your own device (instructions via The Hacker News):

1. Wake the iOS device and Enter an incorrect passcode four times.
2. For the fifth time, Enter 3 or 5 digits (depending on how long your passcode is), and for the last one, press and hold the Home button to invoke Siri immediately followed by the 4th digit.
3. After Siri appears, ask her for the time.
4. Tap the Clock icon to open the Clock app, and add a new Clock, then write anything in the Choose a City field.
5. Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on “Share“.
6. Tap the ‘Message‘ icon in the Share Sheet, and again type something random, hit Return and double tap on the contact name on the top.
7. Select “Create New Contact,” and Tap on “Add Photo” and then on “Choose Photo“.
8. You’ll now be able to see the entire photo library on the iOS device, which is still locked with a passcode. Now browse and view any photo from the Photo album individually.

If you are concerned about your device being accessed this way there is, fortunately, a fairly easy way guard against it: disable access to Siri while the phone is locked by opening the Settings app and tapping “Touch ID & Passcode.” Scroll to the “Allow access when locked” section and slide the option next to Siri to off.

Slack

Apple is very quick to boast about the fact that 50 percent of all Apple users have already upgraded to iOS 9, but it’s just a shame they can’t be more diligent when it comes to basic security for their users as well.

The hack isn’t the end of the world, but there’s no question it’s embarrassing for the company given how quickly it has been exposed following the launch of iOS 9.

 Image credit: michaelnpatterson/Flickr/CC by 2.0