An iOS 13 Vulnerability Allowed Unauthenticated Access To Passwords
Once again a serious iOS vulnerability that could risk the security of iPhone and iPad population has surfaced. Fortunately, the flaw existed in the iOS 13 beta version that is yet to launch, so Apple could patch the flaw in time.
iOS 13 Vulnerability Exposed Device Data
Reportedly, Matthew Arron John, who goes by u/AqAqGT on Reddit, discovered an iOS 13 vulnerability exposing saved passwords. He first shared a brief video of the bug on Reddit.
As revealed, there existed a serious glitch in iOS 13 that could allow an attacker to gain access to the saved “web and app passwords” bypassing Face ID or Touch ID authentication.
It later caught the attention of iDeviceHelp who then demonstrated the security glitch in a more detailed video (shared below). As demonstrated, anyone having physical access to an iPhone or iPad running on iOS 13 could exploit the glitch. All it took for an attacker was to go to the settings menu and reach the “Website & App Passwords” option. Then, tapping once on the option, the device required the user to pass through Face ID or Touch ID prompt. However, because of the glitch in iOS, repeated tapping on the area of the screen displaying “Website & App Passwords” and cancelling the prompt could let the attacker bypass the security check.
Apple Patched The Flaw
According to the researchers, the vulnerability primarily affected the iOS 13 developer beta 3 and the iOS 13 public beta 2. Owing to the timely reporting of the flaw to Apple, the tech giant could resolve the flaw in the latest iOS 13 developer beta 4. The fix also got confirmed on Reddit.
The iOS 13 public beta 3 will also address the flaw. Eventually, one can expect that the final release of the iOS 13 will certainly have all such glitches fixed for the users.
Let us know your thoughts in the comments.
Gloss