A new iPhone exploit has recently been discovered by YouTube user videosdebarraquito, who has found many other exploits and bugs in iOS over the years. This new exploit allows someone to bypass the lock screen and gain access to contacts and photos via Siri, Apple's digital voice assistant—but it only affects the iPhone 6s and the iPhone 6s Plus because it requires 3D Touch functionality.
As you can see in the video above from EverythingApplePro, the first step in the flaw begins with asking Siri to search Twitter for an email address (Gmail was the primary example used, but it works for any email address). Once the results pop up on screen, the next step is to find one with a valid email address and use "force touch" to bring up the menu. Once you select the "Add Existing Contact" option, you now obtain access to all of the contacts stored on the phone—without a passcode or Touch ID.
Another part of this flaw occurs when you select the "Create a New Contact" option in the same menu after using the 3D Touch feature. Once chosen, you can then add a new picture to the contact, thereby obtaining access to all of the photos on the device.
Thankfully, there's a two-step process that you have available to fix this latest issue. First, go into your Settings, then select the Privacy tab and choose Photos. Then disable Siri's access from there if it's present. This keeps would-be intruders out of your pictures.
The second step is to then go back into Settings, then select Touch ID & Passcode. After you've entered your passcode, scroll down and switch off the option that gives Siri access.