Security Fix for ‘Website & App Passwords’ Bug
Earlier this week, we reported on a fairly minor but potentially dangerous security hole in the Website & App Passwords menu in Settings. Basically, the vulnerability could have allowed an attacker to see your passwords stored in iCloud Keychain in plaintext without authenticating via Touch ID or Face ID.
The actual risk of the flaw was debatable, since exploiting it still required physical access to an unlocked device. In any case, Apple has fixed the bug in iOS 13 beta 4 and iPadOS 13 beta 4.