Users have discovered a bug in the iOS 13 beta which makes it easy for people to access the “Website & App Passwords” data in Settings.
The security flaw makes it simple to bypass the biometric authentication section in Settings when accessing your iCloud Keychain passwords.
It does this by letting users keep tapping the “Website & App Passwords” menu. Even if a person has not authenticated their identity, doing this will eventually show all passwords and logins. (However, it’s worth noting that to reach this point they would first need to have unlocked the device, using some form of ID, such as Face ID or a passcode.)
The security flaw was found in iOS 13’s developer beta 3. This latest beta was released at the start of July. It’s possible that Apple will fix it by the next beta version release, iOS 13 beta 4. Even if that doesn’t happen, however, it’s virtually guaranteed that Apple will fix the problem by the time iOS 13 officially launches in September.
The folks over at the iDeviceHelp channel on YouTube demonstrated the flaw in a video:
The risks of beta versions
Developer betas are fascinating as a sneak preview of what Apple has planned for its next major OS release. It’s also crucial for — as the name implies — developers, so they can make sure their app will work on day one without problem.
Understandably, though, there are bugs found along the way. Some of the features don’t work properly. In other cases, apps don’t work as they should. That’s part of the beta experience. Unfortunately, security flaws are another part of that.
For this reason, you should always take care when downloading a beta version of one of Apple’s new OS’s. Wherever possible, we’d also advise that you don’t do this on your primary device. You never know what problems you might run into!