Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iOS 13 & iPadOS bug said to allow unauthenticated access to usernames & passwords

Roger Fingas |

Last updated

A bug in the current iOS 13 and iPadOS betas reportedly allows people to bypass security and access usernames and passwords in the Settings app — though in practice, the issue is a relatively minor threat.

Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.

Apple has been warned about the problem, but has yet to acknowledge it. Betas are inherently prone to bugs however, making it likely Apple will patch the vulnerability before the finished versions of iOS 13 and iPadOS launch this fall.

The most recent public betas were issued on July 8. Indeed based on Apple's normal timing, fourth developer seeds should arrive sometime this week.

The iDeviceHelp clip was first spotted by 9to5Mac.

20 Comments

ibanks 10 comments · 11 Years
About

First finding of this was on Reddit. Sent this to 9to5Mac 5 days ago and they credit IDeviceHelp. Lol. 

[Bug] very serious bug that allows anyone to view your passwords by keep clicking on "Websites and app passwords"
https://reddit.com/r/iOSBeta/comments/cbfgtb/bug_very_serious_bug_that_allows_anyone_to_view/

ibanks 10 comments · 11 Years
About

https://i.imgur.com/Gm9LKuC.jpg

Soli 9981 comments · 9 Years
About

Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.

Sure, but I've long wished that Settings could be locked down with your biometric and password.

MplsP 4047 comments · 8 Years
About

Wait - isn’t this a beta? Isn’t that what beta releases are about - finding and fixing bugs?

dewme 5775 comments · 10 Years
About

Hmm, is anyone reading the "The issue is minor as a device must already be unlocked to access Settings" part?
Who among us is allowing anyone other than themselves to access their unlocked iOS device?

Okay, I'll concede that the lack of multi-user accounts on iOS devices invites such stupidity, but if you're letting other people play around with your iOS device when it's unlocked you're effectively handing out your wallet stuffed with credit cards to another person.

Can't fix stupid.

Read More on our Forums ->
 

Sponsored Content

article thumbnail

How to stop spam calls and reclaim some sanity on your iPhone

Top Stories

article thumbnail

How Apple's smart home revolution begins in 2025

article thumbnail

AirPods Max four years later: a missed spatial computing opportunity

article thumbnail

Apple says EU interoperability laws pose severe privacy risks

article thumbnail

Don't believe what you see on TikTok - AirDrop doesn't allow thieves to steal your credit card info

article thumbnail

Holiday 2024 MacBook Buyer's Guide — Which Mac laptop you should buy?

article thumbnail

Holiday coupon: save up to $300 on every 14" & 16" MacBook Pro M4