Web application security specialists have reported a new vulnerability in the beta version of iOS 13, Apple’s new operating system, which, if exploited, gives threat actors full access to passwords, email addresses and any login data stored by the ‘Auto Fill’ system feature.
Because this version of the operating system is still in the testing stage, the scope of the vulnerability is limited: it affects only users participating in the public test of this beta version.
According to web application security experts, the flaw provides hackers with access to all data stored in iCloud Keychain, Apple’s password management system, from which the ‘Auto Fill’ feature gets its information. To obtain the information, attackers simply must:
the Passwords and Accounts option
tap the Website and Apps Passwords option
In doing so, the hacker cancels the message from the Face ID/Touch ID security system and, after further attempts, gains access to all usernames and passwords stored on the system; finally, the threat actor can even make modifications to the compromised access
It is important to note that exploiting the vulnerability requires physical access to an unlocked iPhone or iPad, so the complexity of the attack increases considerably, web application security specialists say. The company has already been notified of the flaw, so it is highly likely that it will be fixed in the next beta version of iOS 13 and iPadOS 13.
Specialists from the International Institute of Cyber Security (IICS) mention that this version of the operating system includes multiple improvements and new features to enhance the privacy experience for Apple users.
While the error is serious, as it exposes a large amount of sensitive information, the company still has time to implement the necessary measures to fix this and other bugs discovered by users of the iOS 13 beta.