Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iOS 13 & iPadOS bug said to allow unauthenticated access to usernames & passwords

Last updated

A bug in the current iOS 13 and iPadOS betas reportedly allows people to bypass security and access usernames and passwords in the Settings app — though in practice, the issue is a relatively minor threat.

Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.

Apple has been warned about the problem, but has yet to acknowledge it. Betas are inherently prone to bugs however, making it likely Apple will patch the vulnerability before the finished versions of iOS 13 and iPadOS launch this fall.

The most recent public betas were issued on July 8. Indeed based on Apple's normal timing, fourth developer seeds should arrive sometime this week.

The iDeviceHelp clip was first spotted by 9to5Mac.



20 Comments

ibanks 11 Years · 10 comments

First finding of this was on Reddit. Sent this to 9to5Mac 5 days ago and they credit IDeviceHelp. Lol. 

[Bug] very serious bug that allows anyone to view your passwords by keep clicking on "Websites and app passwords"
https://reddit.com/r/iOSBeta/comments/cbfgtb/bug_very_serious_bug_that_allows_anyone_to_view/

Soli 9 Years · 9981 comments

Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.

Sure, but I've long wished that Settings could be locked down with your biometric and password.

MplsP 8 Years · 4047 comments

Wait - isn’t this a beta? Isn’t that what beta releases are about - finding and fixing bugs?

dewme 10 Years · 5775 comments

Hmm, is anyone reading the "The issue is minor as a device must already be unlocked to access Settings" part?
Who among us is allowing anyone other than themselves to access their unlocked iOS device?

Okay, I'll concede that the lack of multi-user accounts on iOS devices invites such stupidity, but if you're letting other people play around with your iOS device when it's unlocked you're effectively handing out your wallet stuffed with credit cards to another person.

Can't fix stupid.