Using third-party keyboards on your iPhone is something of a normality for many iOS users. However, it could be troublesome should the keyboard start spying on users. The aforementioned became possible due to a flaw in iOS 13.1, Apple however stepped-up quickly to address this issue. Recently, Apple released a warning for the users about an iOS 13.1 bug that granted full access to third-party keyboards. Later, the tech giant also resolved the problem.
iOS 13.1 Gave Full Access To Keyboards
According to the advisory, the third-party extensions in iOS can either choose to run as standalone or can request complete access for any additional features. As a standard, this requires input for gaining such access. However, due to the bug, iOS 13 granted full-access to the third-party keyboards without approval.
Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.
Consequently, it became possible for a bad actor behind a third-party keyboard to capture keystrokes on the device. More precisely, a threat actor could easily know whatever a user would type on the device.
Apple Released A Fix Lately
Apple revealed in the advisory that the issue only impacted those third-party keyboards that make use of full access. It did not affect the built-in Apple keyboard or other keyboards that don’t require full access.
Nonetheless, Apple quickly worked-out for a fix to protect users. Lately, they have rolled out the iOS 13.1.1 update whilst patching the bug CVE-2019-8779. This update is available for devices including and later than iPhone 6s, iPad Air 2, iPad mini 4, and iPod touch 7th generation.
So, all iOS 13 users out there must ensure updating their respective iPhones and iPads to the latest patch version to stay protected from potential mishaps.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Researcher Hacked Tesla Model X Demonstrating Keyless Entry System Vulnerability - November 25, 2020
- GitHub Patched A Vulnerability Months After Google’s Report - November 25, 2020
- Bug in Twitter Fleets Where Posts Remain Visible - November 24, 2020