Vulnerability in iOS 13 beta gives unauthenticated access to stored passwords in Settings

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247


In brief: Users running iOS beta versions are usually aware of the minor inconveniences that come with installing it. Though they might want to know about a security vulnerability recently found in iOS 13 developer beta 3 (public beta 2) that allows for a user to gain unauthenticated access to the iCloud keychain on devices running the software.

Currently in beta, Apple's iOS 13 gets a few iterations before its gold release in fall as developers and curious users get to test new features and give feedback on their experience. A recent flaw that was first reported on Reddit is worth the attention of users running the iOS 13 beta 3 on their iPhones, and yes, the bug is also present in the latest betas of iPad OS 13, reports 9to5Mac.

To exploit the bug, all one has to do is open Settings and tap on Passwords & Accounts. Once inside, the username and password combinations saved in the iCloud keychain through Autofill can be accessed by tapping on Website & App Passwords. While this action causes the Face ID or Touch ID authentication prompt to appear, the bug allows this prompt to be bypassed by cancelling it and repeatedly tapping Website & App Passwords. A few tries later, the user is shown all the login credentials without the need for Face ID or Touch ID authentication.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top