The mobile operating system iOS 13 was presented at the beginning of June at the WWDC and is currently in the third preview for developers. Now a major security vulnerability has come to light.
Apple occasionally offers updates for iOS, watchOS, tvOS and macOS as a closed preview for developers and also makes them available to public testers. Users of this offer can test all kinds of new functions on their iPhone, iPad, Apple TV or Mac - with the exception of the Apple Watch - watchOS remains reserved for registered developers. In addition to new functions, these beta versions also contain errors. Sometimes such bugs can make using the iPhone, iPad, Apple TV, Apple Watch and Mac significantly more difficult. The compatibility of individual programs and general performance can also suffer. Therefore, a beta should never be used on a device that is used every day. We always recommend using a second device for such a project. (How to participate in the Public Beta program)
Since the iOS 13 beta is still in its early testing phase, major bugs are to be expected – and security vulnerabilities can also occur. It has now been revealed that both the iOS 13 developer and public betas contain a security vulnerability. This allows access to the data in "Passwords & Accounts" under iOS Settings without authentication. Attackers can therefore easily bypass Face ID or Touch ID with a bit of skill – assuming the third developer beta or second public beta of iOS 13 is used. Typically, users can only access "Passwords & Accounts" and then "Website & App Passwords" via Settings after they have been identified using Face ID or Touch ID. However, the authentication process can be bypassed. The process is described on Reddit as follows.
Fourth beta for iOS 13 in sight
If you tap the "Website & App Passwords" menu multiple times and cancel the authentication process each time, the section will open without successful verification. After a few attempts, we were able to reproduce the problem. The error is also present in the current iPadOS beta. US media reports that Apple has already been informed via the Feedback app – the company has not yet commented on the matter. The security vulnerability can, of course, have serious consequences – but it can only be exploited if the device in question has been unlocked beforehand. As a general rule, the iPhone or iPad should never be left unlocked. Apple released the third beta of iOS 13 to developers on July 2nd. This means that we can probably expect another update soon. Whether the vulnerability will be fixed directly remains to be seen. Low price record: Apple AirPods 2 with wireless charging case on offer on Amazon
