iOS 13 Vulnerability Allows Viewing of All Saved Passwords

A serious vulnerability has been discovered in Apple’s mobile operating system, iOS 13, that allows anyone to view saved account passwords and credit card information stored for Safari autofill—bypassing both Touch ID and Face ID protection.

The issue was first reported by Reddit users. According to forum posts, to reproduce the bug, you need to go to the “Settings” app on an iPhone or iPad, then open “Passwords & Accounts” → “Website & App Passwords.” Normally, accessing passwords requires entering a passcode or confirming your identity with Touch ID or Face ID. However, in this case, simply tapping “Cancel” is enough. If you repeat this process 10 to 20 times, you can eventually gain access to the menu with all saved accounts.

This problem appears in iOS 13 Beta 2 and 3, as well as iOS 13 Public Beta 2. Apple has already been informed about the vulnerability, and it is likely to be fixed in the next beta release of iOS 13.