iOS 13 beta bug lets strangers access iCloud Keychain passwords

What you need to know

  • A bug with the iOS 13 beta (public and developer) lets strangers access your iCloud Keychain passwords.
  • The bug lets them bypass the normal security of Face ID, Touch ID or a password.
  • Luckily it's only an issue if someone is already inside your iOS or iPadOS device.

iOS 13 is still in its beta form, which means there are countless bugs affecting users at the moment, but one in particular is quite worrying because it concerns your passwords.

First spotted by a Reddit user, the bug pertains to your iCloud Keychain passwords stored the Settings. We must be upfront about the bug: it will only be an issue if someone is already inside your iPhone. If not, then you're still secure because the standard iOS security measures are still in place. With that established, let's get to the bug.

Once inside your iPhone, the bug lets anybody go into the "Passwords & Accounts" section in your Settings and then within "Websites & App Passwords." Normally, the Face ID, Touch ID or password prompt come up as an added layer of security, but with the iOS 13 bug for both developer (third) and public (second) betas, a person can tap on the section repeatedly and enter it without authentication.

Here, the person will have access to your logins and passwords. The bug has also confirmed to be within iPadOS 13 as well.

Again, this will only be an issue if someone is inside your iPhone already. No reason to get alarmed if you're running the iOS 13 beta, just something to be aware of.

Apple has been notified of the bug but has not yet commented on it. It'll likely wait to the next round of updates, which should be coming soon as the last batch of updates rolled out a couple weeks ago.

Danny Zepeda