Apple iOS 13 Vulnerability Could Allow Unauthenticated Access To Saved Passwords And Emails

Once again a serious iOS vulnerability that could risk the security of iPhone and iPad population has surfaced. Fortunately, the flaw existed in the iOS 13 beta version that is yet to launch, so Apple could patch the flaw in time.

iOS 13 Vulnerability Exposed Device Data

Reportedly, Matthew Arron John, who goes by  u/AqAqGT on Reddit, discovered an iOS 13 vulnerability exposing saved passwords. He first shared a brief video of the bug on Reddit.

[Bug] very serious bug that allows anyone to view your passwords by keep clicking on "Websites and app passwords" from iOSBeta

As revealed, there existed a serious glitch in iOS 13 that could allow an attacker to gain access to the saved “web and app passwords” bypassing Face ID or Touch ID authentication.

It later caught the attention of iDeviceHelp who then demonstrated the security glitch in a more detailed video (shared below). As demonstrated, anyone having physical access to an iPhone or iPad running on iOS 13 could exploit the glitch. All it took for an attacker was to go to the settings menu and reach the “Website & App Passwords” option. Then, tapping once on the option, the device required the user to pass through Face ID or Touch ID prompt. However, because of the glitch in iOS, repeated tapping on the area of the screen displaying “Website & App Passwords” and cancelling the prompt could let the attacker bypass the security check.

Apple Patched The Flaw

According to the researchers, the vulnerability primarily affected the iOS 13 developer beta 3 and the iOS 13 public beta 2. Owing to the timely reporting of the flaw to Apple, the tech giant could resolve the flaw in the latest iOS 13 developer beta 4. The fix also got confirmed on Reddit.

[Feature] The passwords bug is fixed in beta 4! from iOSBeta

The iOS 13 public beta 3 will also address the flaw. Eventually, one can expect that the final release of the iOS 13 will certainly have all such glitches fixed for the users.

Let us know your thoughts in the comments.

Related posts

Apple Zero-Day Flaws Exploited For Predator Spyware Attacks

How to View Incognito History on Android Without Them Knowing