An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.