One of my common topics is the difficulty writing secure software in our increasingly complicated coding times. [Detailed rant withheld.] Therefore, any code with significant complexity will be wrong and the worst errors are usually security holes. The data security community gradually adapts to increased code complexity through new processes with complex code control. Here are a few good examples along with, fortunately, a couple of practical solutions. I've added relevant screenshots below:
Complex IOS Passenger bypasser gives access to iPhone contacts and images
By Mikey Campbell @appleinsider
Friday 28th. September 201
A couple of extremely-involved password bypasses detected in Apple's newest iOS 12 can allow attackers to access Contacts and Photo data on a user's iPhone, including models protected by Face ID. . . .
Apple has not yet addressed the vulnerabilities in the latest iOS 12.1 beta. Concerned users can minimize exposure to the apparent errors by disabling Siri Lock screen access in Settings> Face ID and Password or Settings> Touch ID and Password under "Allow Access When Locked" Heading . The second attack can be counteracted by enabling password protection for Notes by navigating to Settings> Notes> Password .
Please read Mikey Campbell's article before you adopt the solutions to understand what you change in iOS 12. Turning off Siri on the lock screen can not cause problems. But creating and having to use a password for your notes can create a disadvantage. This is the common theme of security against convenience.