iOS 13 Security Flaw Allows Unauthorised Access to Passwords Stored by Autofill Feature

iOS 13 Face ID

A bug has been discovered in iOS 13 beta which provides one with unauthorized access to all passwords, emails, and usernames stored by the Autofill feature. iOS 13 is still in beta stages so thankfully this bug is only going affect a limited number of people who are running the public or developer beta.

The bug provides one with access to all the passwords and data stored in the iCloud keychain and used by the Autofill feature in iOS. Simply go to Settings -> Passwords & Accounts and start tapping the Website and App Passwords option repeatedly.

Doing so will cancel the Face ID/Touch ID prompt on the display after a few tries and give one access to all the stored passwords and usernames. One can even modify the stored passwords if they wish to.

This bug does require that the iPhone/iPad is already unlocked which is not going to be as easy.

Since this bug has now been detailed, Apple will likely fix the issue with the next beta release of iOS 13 and iPadOS 13.

iOS 13 comes with a number of new privacy-oriented features and enhancements. While this bug is definitely serious, one must remember that the OS itself is in beta stages of development and testing and such bugs are bound to be there. Nonetheless, Apple should fix this bug with the next beta release of iOS 13 due to drop later this week.