Currently in beta, Apple’s iOS 13 gets a few iterations before its gold release in fall as developers and curious users get to test new features and give feedback on their experience. A recent flaw that was first reported on Reddit is worth the attention of users running the iOS 13 beta 3 on their iPhones, and yes, the bug is also present in the latest betas of iPad OS 13, reports 9to5Mac.
To exploit the bug, all one has to do is open Settings and tap on Passwords & Accounts. Once inside, the username and password combinations saved in the iCloud keychain through Autofill can be accessed by tapping on Website & App Passwords. While this action causes the Face ID or Touch ID authentication prompt to appear, the bug allows this prompt to be bypassed by cancelling it and repeatedly tapping Website & App Passwords. A few tries later, the user is shown all the login credentials without the need for Face ID or Touch ID authentication.
The flaw can be seen replicated in a video by iDeviceHelp
The unlocked iPhone/iPad running the specific beta version is required to do this in the first place, the bug is still a considerable security threat that users should be aware of. Apple is likely to fix in its next beta release of iOS 13, the beta 4/public beta 3 that’s will be very soon out.
