iOS 13 Bug Gives Third-Party Keyboards “Full Access” Permissions

This week, Apple released iOS 13 and iPadOS, now a few days later, the company is warning users of an unpatched security flaw in third-party keyboard apps.

Apple has released a security advisory to warn users of an unpatched security bug in iOS 13 that affects third-party keyboard apps. The bug can result in granting keyboard extensions full access, even when users deny it.

Granting keyboard extensions full access could allow developers to capture everything the users type on their devices.

Third-party keyboard extensions in Apple iOS can run without access to external services, or they can request “full access” to provide additional features through network access. Apple announced an upcoming software update to address the issue, the tech giant highlighted that it doesn’t affect Apple’s built-in keyboards.

“Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.” reads the security advisory published by Apple. “This issue does not impact Apple’s built-in keyboards. It also doesn’t impact third-party keyboards that don’t make use of full access. The issue will be fixed soon in an upcoming software update.”

On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant “full access” permissions to enable some additional features through network access.

The bug affects devices running third-party keyboard apps such as popular Gboard, Grammarly, and Swiftkey that request full access to the users.

It should be noted that the iOS 13 bug doesn’t affect Apple’s built-in keyboards or third-party keyboards that don’t make use of full access.

Users can see the installed third-party keyboard apps following these steps:

Open the Settings app.
Go to General > Keyboard > Keyboards.

Users can mitigate this bug by temporarily uninstalling all third-party keyboards from their device.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ios 13, Apple)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.