The mobile operating system iOS 13 was presented at the beginning of June at the WWDC and is currently in the third preview for developers. Now a major security vulnerability has come to light.
Apple occasionally offers updates for iOS, watchOS, tvOS and macOS as a closed preview for developers and also makes them available to public testers. Users of this offer can test all kinds of new functions on their iPhone, iPad, Apple TV or Mac - with the exception of the Apple Watch - watchOS remains reserved for registered developers. In addition to new functions, these beta versions also contain errors. Sometimes such bugs can make using the iPhone, iPad, Apple TV, Apple Watch and Mac significantly more difficult. The compatibility of individual programs and general performance can also suffer. Therefore, a beta should never be used on a device that is used every day. We always recommend using a second device for such a project. (How to participate in the Public Beta program)
Since the iOS 13 beta is still in its early testing phase, major errors are to be expected - and security gaps can also occur. It has now become known that both the iOS 13 developer and public beta contain a security gap. This makes it possible to access the data in "Passwords & Accounts" under the iOS settings without authentication. Attackers can therefore easily bypass Face ID or Touch ID with a bit of skill - assuming the third developer beta or second public beta for iOS 13 is used. As a rule, the user can only access "Passwords & Accounts" and then "Website & App Passwords" via the settings if they have been identified using Face ID or Touch ID. However, the authentication process can be bypassed. The process is described in Reddit as follows.
Fourth beta for iOS 13 in sight
If you tap the "Website & App Passwords" menu several times and cancel the identification process each time, the section will then open without a successful verification. After a few attempts, we were able to reproduce the problem. The error is also included in the current iPadOS beta. US media reports that Apple has already been informed about the Feedback app - the company has not yet commented on it. The security gap can of course have serious consequences - but it can only be exploited if the device in question has been unlocked beforehand. As a rule, the iPhone or iPad should never be left alone in an unlocked state. Apple released the third beta of iOS 13 to developers on July 2nd. This means that we can probably expect another update shortly. Of course, it remains to be seen whether the vulnerability will be eliminated directly. Low price record: Apple AirPods 2 with wireless charging case on offer on Amazon
