Apple Patched An iOS 13.1 Bug That Granted ‘Full Access’ To Third-Party Keyboards

Using third-party keyboards on your iPhone is something of a normality for many iOS users. However, it could be troublesome should the keyboard start spying on users. The aforementioned became possible due to a flaw in iOS 13.1, Apple however stepped-up quickly to address this issue. Recently, Apple released a warning for the users about an iOS 13.1 bug that granted full access to third-party keyboards. Later, the tech giant also resolved the problem.

iOS 13.1 Gave Full Access To Keyboards

In a recent advisory, Apple warned users of a serious vulnerability affecting the latest iPhones and iPads. As revealed, an iOS 13.1 bug existed that granted full access to third party keyboards.

According to the advisory, the third-party extensions in iOS can either choose to run as standalone or can request complete access for any additional features. As a standard, this requires input for gaining such access. However, due to the bug, iOS 13 granted full-access to the third-party keyboards without approval.

Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.

Consequently, it became possible for a bad actor behind a third-party keyboard to capture keystrokes on the device. More precisely, a threat actor could easily know whatever a user would type on the device.

Apple Released A Fix Lately

Apple revealed in the advisory that the issue only impacted those third-party keyboards that make use of full access. It did not affect the built-in Apple keyboard or other keyboards that don’t require full access.

Nonetheless, Apple quickly worked-out for a fix to protect users. Lately, they have rolled out the iOS 13.1.1 update whilst patching the bug CVE-2019-8779. This update is available for devices including and later than iPhone 6s, iPad Air 2, iPad mini 4, and iPod touch 7th generation.

So, all iOS 13 users out there must ensure updating their respective iPhones and iPads to the latest patch version to stay protected from potential mishaps.

Let us know your thoughts in the comments.

Related posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs