All Devices PSA: Serious bug, all website & app passwords visible without authentication

Knightcastle

macrumors 6502
Original poster
Apr 25, 2015
465
233
As originally reported on reddit. (inc. video)

A number of users have reproduced this on a number of devices.

Unconfirmed but there is some discussion that disabling FaceID/TouchID is a temporary fix.

Probably worth avoiding this beta for now
 

Oridus

macrumors 65816
Oct 8, 2012
1,029
915
XS max pub beta 2, cannot reproduce. Asks me for Face ID authentication.
 

bransoj

macrumors 6502a
Jul 31, 2013
929
216
Same beta here on a 6S...just tried entering that section and it asked for Touch ID to continue.
 

jonblatho

macrumors 65816
Jan 20, 2014
1,322
3,277
Missouri
XS max pub beta 2, cannot reproduce. Asks me for Face ID authentication.
It took several tries for me on my XS. Press the row really quickly; you may need to use two fingers to do it. Cover the sensor housing and cancel any "Face Not Recognized" prompts that show up.

Eventually, it’ll let you in.
 

Oridus

macrumors 65816
Oct 8, 2012
1,029
915
It took several tries for me on my XS. Press the row really quickly; you may need to use two fingers to do it. Cover the sensor housing and cancel any "Face Not Recognized" prompts that show up.

Eventually, it’ll let you in.
Wow. You are correct. Got it to work.
 

jk1211

macrumors 6502
Sep 13, 2018
492
1,100
Got it to work once, and they certainly need to patch it. But this is assuming someone got into your unlocked phone already too (and access to other stuff anyway) and knew about the bug which wasnt patched quickly as the next beta should be a few days.
 
  • Like
Reactions: Applefan2015

bydandie

macrumors regular
Sep 22, 2009
122
15
We need to remember that if the person has access to your device already then being able to access your passwords is kinda moot. Anyway, it'll be fixed in the next beta.
 
  • Like
Reactions: davethorp

davethorp

macrumors regular
Jan 28, 2010
249
39
Preston, Lancashire, UK
We need to remember that if the person has access to your device already then being able to access your passwords is kinda moot. Anyway, it'll be fixed in the next beta.
Yeah it’s a serious bug and Apple will surely fix it but as you say in order for someone to be able to exploit it they would need to unlock the device with your passcode or face/touchID. If they managed to do that they would be able to get into the passwords anyway
 
  • Like
Reactions: Applefan2015

Knightcastle

macrumors 6502
Original poster
Apr 25, 2015
465
233
Yeah it’s a serious bug and Apple will surely fix it but as you say in order for someone to be able to exploit it they would need to unlock the device with your passcode or face/touchID. If they managed to do that they would be able to get into the passwords anyway
Only if they had access to your face/finger/passcode for a second time?