|   Technology


  |   Technology


iOS 13 release date, issues: Bug allows unauthorized access to stored usernames, passwords

From the Guided Tour promo video of iPhone XS and iPhone XR. | Photo by Apple/YouTube screenshot

Apple recently described non-developer users who were looking forward to joining iOS 13’s public beta program as “thrill seekers,” and it was for a good reason. For one, they will be exposed to some security vulnerabilities such as the recently discovered issue on stored usernames and passwords.

iOS 13 bug: Access to stored passwords without authentication is possible

For a while now, Apple has introduced an iOS feature where users can store usernames and passwords. It also allows them to use an autofill function while logging in without the need of a third-party app. However, it is the center of a recently found bug on iOS 13.

The issue was shared by the YouTube channel iDeviceHelp after hearing about it through Reddit discussions. iOS 13 users can find the said feature on Settings > Passwords & Accounts. The first option upon opening this tab is “Website & App Passwords” that gives immediate access to credentials stored in the device, so opening it requires Face ID or Touch ID authentication.

When the device cannot recognize the face or fingerprint used to access usernames and passwords, an error prompt will pop up. But this is where the iOS 13 bug lies.

Triggering the error prompt by tapping Website & App Passwords repeatedly and then pressing the cancel button non-stop somehow trick an iOS 13-running device to open the page where all the credentials can be seen. Thus, giving someone access to sensitive information even without proper biometric authentication.

iOS 13 issue should be taken seriously but must not cause panic

Since this bug directly relates to account credentials, iOS 13 beta testers must take the issue seriously. On the other hand, it should not stop people from joining the beta program. As the source pointed out, the bug can only be exploited with an unlocked device. Meanwhile, based on the iOS timeline over the years, Apple is expected to seed the beta 4 version within this month. The next update will likely include a fix for this bug since it has been widely reported online.

iOS 13 is currently in public beta, that means more people have immediate access to it now compared to the first few weeks since its announcement in June. However, since it is still a fairly early version of the software update vulnerabilities and other issues are expected to arise along the way. After all, discovering and reporting them immediately are the main point of the public beta program. The full version of iOS 13 will be released later this year.

By Jess Ferrera
  • Market Data

Welcome to EconoTimes

Sign up for daily updates for the most important
stories unfolding in the global economy.