"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7," the company says when describing Kernel and WebKit vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435.
Starting with iOS 17, iPadOS 17, and macOS Sonoma, users with an Apple ID will automatically be assigned a passkey, allowing them to sign into their Apple ID with Face ID or Touch ID instead of their password.
Unfortunately on iOS, the backup to Face-ID for the iPhone's Keychain or PassKeys is the iPhone's passcode. So anyone that has access to your phone and knows the passcode, can use the phone's passcode to log-in to iCloud or Apple ID with this feature.
Multigreg writes, I set a screen time restriction with the passcode, without the option to remove it using the Apple ID. I tapped cancel and hit skip. When I try the forgot passcode link, it still guides me through the options to enter my Apple ID or device password or find a forgotten Apple ID…
So the mitigation that we said last time, that specific one about the screen time password, if you did that on your phone, just remove it because it's not actually helping. I mean, I don't know if you want to remove it because it will slow them down. It will slow down the thief a little bit because now they have to go through the forgot password flow, which is kind of annoying. And you know, so it's a speed bump, a tiny speed bump, but that's about it.
AFAIK the best advice we can give people is to set a strong device passcode and never use it in a public space. Always use FaceID, and have "Require Attention" toggled on.
Today's iOS, iPadOS, macOS, and watchOS updates address zero-day vulnerabilities (www.bleepingcomputer.com)
"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7," the company says when describing Kernel and WebKit vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435.
iOS 17 and macOS Sonoma Add Passkey to Your Apple ID (www.macrumors.com)
Starting with iOS 17, iPadOS 17, and macOS Sonoma, users with an Apple ID will automatically be assigned a passkey, allowing them to sign into their Apple ID with Face ID or Touch ID instead of their password.