Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html