Apple to Save User Passwords Despite User Preferences

Cybersecurity experts have identified potential problems with the iCloud KeyChain function (“Key Bound) in iOS 17 and MacOS Sonoma.

  • When updating the device, the iCloud KeyChain function can be automatically activated, even if it was previously disabled.

  • If the function was enabled and then turned off by the user, there are concerns about data preservation.

The iCloud KeyChain function on iOS 7 and OS X Mavericks is used to store passwords and bank card data in iCloud, making them accessible on all Apple devices. All information is encrypted, and even Apple does not have access to user accounting data or payment details.

Researchers from Mysk have reported that some users who did not use the iCloud KeyChain had it activated automatically after updating.

Users who have updated to iOS 17, iPados 17, or MacOS Sonoma and have not previously synchronized “passwords and keys” with iCloud should check their settings and ensure that this function is disabled.

When the iCloud KeyChain function is turned off, data can still remain on Apple servers. According to the company:

  • If the user logs out of the iCloud account with the iCloud KeyChain, they are prompted to save or delete the KeyChain.

  • Data used to be forcibly deleted from iCloud servers, but now this process may be linked to the new Family Passwords function, which allows users to share accounts with trusted contacts.

All users are advised to check their device settings after updating and monitor the preservation of their data in the cloud. Whether this is a mistake or a deliberate decision by Apple to activate KeyChain for all users is still unknown.

/Reports, release notes, official announcements.