Vulnerability in iOS 13 beta gives unauthenticated access to stored passwords in Settings
Repeated taps on "Website & App Passwords" allows for easy bypass of Face ID or Touch IDBy Humza Aamir
In brief: Users running iOS beta versions are usually aware of the minor inconveniences that come with installing it. Though they might want to know about a security vulnerability recently found in iOS 13 developer beta 3 (public beta 2) that allows for a user to gain unauthenticated access to the iCloud keychain on devices running the software.
Currently in beta, Apple's iOS 13 gets a few iterations before its gold release in fall as developers and curious users get to test new features and give feedback on their experience. A recent flaw that was first reported on Reddit is worth the attention of users running the iOS 13 beta 3 on their iPhones, and yes, the bug is also present in the latest betas of iPad OS 13, reports 9to5Mac.
To exploit the bug, all one has to do is open Settings and tap on Passwords & Accounts. Once inside, the username and password combinations saved in the iCloud keychain through Autofill can be accessed by tapping on Website & App Passwords. While this action causes the Face ID or Touch ID authentication prompt to appear, the bug allows this prompt to be bypassed by cancelling it and repeatedly tapping Website & App Passwords. A few tries later, the user is shown all the login credentials without the need for Face ID or Touch ID authentication.
The flaw can be seen replicated in a video by iDeviceHelp
Granted that an unlocked iPhone/iPad running the specific beta version is required to do this in the first place, the bug is still a considerable security threat that users should be aware of. Apple is likely to fix in its next beta release of iOS 13, the beta 4/public beta 3 that's just around the corner.