Apple has released a security advisory to warn users of an unpatched security bug in iOS 13 that affects third-party keyboard apps. The bug can result in granting keyboard extensions full access, even when users deny it.
Granting keyboard extensions full access could allow developers to capture everything the users type on their devices.
Third-party keyboard extensions in Apple iOS can run without access to external services, or they can request “full access” to provide additional features through network access. Apple announced an upcoming software update to address the issue, the tech giant highlighted that it doesn’t affect Apple’s built-in keyboards.
“Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.” reads the security advisory published by Apple. “This issue does not impact Apple’s built-in keyboards. It also doesn’t impact third-party keyboards that don’t make use of full access. The issue will be fixed soon in an upcoming software update.”
On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus, are forbidden from storing what you type unless you grant “full access” permissions to enable some additional features through network access.
The bug affects devices running third-party keyboard apps such as popular Gboard, Grammarly, and Swiftkey that request full access to the users.
It should be noted that the iOS 13 bug doesn’t affect Apple’s built-in keyboards or third-party keyboards that don’t make use of full access.
Users can see the installed third-party keyboard apps following these steps:
Users can mitigate this bug by temporarily uninstalling all third-party keyboards from their device.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – ios 13, Apple)
[adrotate banner=”5″]
[adrotate banner=”13″]
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
This website uses cookies.