Brief Advisory Posts Tuesday
In a brief advisory posted on Tuesday, Apple warned users about a bug in its latest operating systems, iOS 13 and iPadOS. The bug affects third-party keyboards that have the ability to request "full access" permissions.
Understanding the Bug
iOS 13 was released last week, along with both iOS 13.1 and iPadOS 13.1, which are the new software versions for iPads. Third-party keyboards can either run as standalone applications or with "full access," allowing them to communicate with other apps or access the internet for additional features, such as spell check.
However, when a third-party keyboard requests "full access" permissions, it also enables the developer to capture keystroke data or any information typed by the user, including sensitive information like emails, messages, or passwords. The bug may allow third-party keyboards to gain full access permissions without explicit approval from the user.
Impact and Details
The advisory does not provide further details about the issue, but it mentions that the bug does not affect iOS’ built-in keyboard. Apple did not comment beyond the brief advisory, leaving users with more questions than answers.
Update on September 27
However, an updated security advisory released on September 27 revealed that iOS 13.1.1 and iPadOS 13.1.1, which were released on Friday, fix the keyboard issue. Apple credited its own staff for discovering the keyboard-related logic vulnerability in the latest software update.
iOS, iPadOS, and tvOS 13.1 Updates Now Available
The updates are now available for users to download and install, providing a much-needed patch to address the bug.
Security Concerns
This bug raises serious security concerns, as third-party keyboards with full access can potentially capture sensitive information without the user’s consent. Apple’s decision to issue a brief advisory and not provide further details has left users wondering about the extent of the vulnerability and how it was discovered.
Conclusion
The release of iOS 13 and iPadOS brought several new features and improvements, but this bug highlights the importance of software security and the need for developers to prioritize user privacy. Apple’s decision to credit its staff for discovering the vulnerability demonstrates a commitment to security and encourages users to be cautious when using third-party keyboards.
Related Topics
Recommended Reading
- Hackers are exploiting a new Fortinet firewall bug to breach company networks
- Google’s NotebookLM had to teach its AI podcast hosts not to act annoyed at humans
Follow Us
Stay up-to-date with the latest tech news and updates by following us on social media:
