Apple has released an update to iOS 9 that’s a must install. It fixes a security problem that would let a thief access some iPhone contents without knowing the PIN code.

The update is to iOS 9.0.2 and fixes the problem introduced in last week’s 9.0.1 update. While it didn’t mention the fix in the release notes for the update, Apple has confirmed it in a separate security note.

The bug created a remarkably simple (if convoluted) exploit in which a phone thief can deliberately type in an incorrect PIN on four occasions then, on a fifth attempt, hold down the home button while typing the final digit.

This opens up Siri and asking what the time is in turn opens up the clock app (despite the phone being locked.) Highlighting text in the settings menu of the clock app brings up the Share option, which in turn gives access to both contact lists and the user’s photo album.

While updating to 9.0.2 is the best option for fixing the bug, you can also use the temporary workaround of going into Settings, selecting “Touch ID & Passcode” and than making sure the Siri toggle is set to off in the “Allow access when locked” section.