iOS 13 Beta Fails, Allows Unauthenticated Access to User Passwords

IOS 13 is still in beta for both the public and developers, and therefore many bugs appear - which is normal. But a specific security breach caught the attention of some users. This vulnerability made it easy to access site and application passwords in the Settings menu without the need for authentication via Face ID or Touch ID.

When running beta 3 of iOS 13 for developers (or the second public beta), it's incredibly easy to ignore the Face ID or Touch ID authentication prompt in Settings when trying to access your iCloud Keychain passwords. This problem was first noticed by a Reddit user.

As detailed by iDeviceHelp in YouTube, you can access all usernames and passwords saved in Settings by repeatedly tapping the "Website & App Passwords" menu and avoiding the request of the IDs. After several attempts, iOS 13 will display all your passwords and logins even if you have not authenticated with Face ID or Touch ID to do so.

The 9to5Mac site personnel confirmed that this vulnerability is present in the latest iOS 13 beta for developers. THEApplewas informed about the issue through the Feedback app, but has not done anything yet. The bug is also present in the last betaOS of the iPadOS 13.

When running a beta version of iOS, it is normal for the user to be aware that system crashes can occur and this vulnerability is a good example. However, it is surprising that such a large security gap is present in a public beta of iOS 13.

Apple released iOS 13 beta 3 for developers on July 2nd. That means we're probably only a day or two away from the release of iOS 13 beta 4. It's possible Apple will fix this by then.


Post a Comment