iPhone passcode 'vulnerability' early 2023
Essentially, a lot of damage can be done by a malicious actor who steals your device and has the passcode.
Discussed on ATP 524, blogged about by Michael Tsai, etc.
Mitigation steps:
- Strong (alphanumeric) passcode
- Don't give out your passcode
- Avoid high-risk situations for device theft
- Use biometrics as much as possible
- Generate a recovery key[1]
- Set up Screen Time to prevent account changes[2]
- Use a dedicated password manager (not iCloud Keychain)
- Set up per-app biometrics/authentication where appropriate
I think there has been enough coverage of this that Apple will do something soon. Hopefully whatever they do is sensible.