Roger Fingas
A bug in the current iOS 13 and iPadOS betas reportedly allows people to bypass security and access usernames and passwords in the Settings app — though in practice, the issue is a relatively minor threat.
Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.
Apple has been warned about the problem, but has yet to acknowledge it. Betas are inherently prone to bugs however, making it likely Apple will patch the vulnerability before the finished versions of iOS 13 and iPadOS launch this fall.
The most recent public betas were issued on July 8. Indeed based on Apple's normal timing, fourth developer seeds should arrive sometime this week.
The iDeviceHelp clip was first spotted by 9to5Mac.
Wesley Hilliard
Malcolm Owen
Christine McKee
Andrew Orr
William Gallagher
20 Comments
First finding of this was on Reddit. Sent this to 9to5Mac 5 days ago and they credit IDeviceHelp. Lol.
https://reddit.com/r/iOSBeta/comments/cbfgtb/bug_very_serious_bug_that_allows_anyone_to_view/
https://i.imgur.com/Gm9LKuC.jpg
Wait - isn’t this a beta? Isn’t that what beta releases are about - finding and fixing bugs?