Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad.
The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the iPhone, iPad or iPod touch.
āApple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you havenāt approved this access,ā the company wrote in the alert. āThe issue will be fixed soon in an upcoming software update.ā
Third-party keyboards have two modes in which they can run in iOSāentirely standalone, without access to external services, or with full access to provide additional features through network access, according to Apple.
The bug does not impact Appleās built-in keyboards, nor does it impact third-party keyboards that donāt make use of full access, the company said.
While users wait for the patch, Apple advised users to check their third-party keyboard in Settings on their devices.
The bug is not the first found in the most recent release of iOS, the system that runs Appleās ubiquitously popular mobile devices.
In July, Jose Rodriguez, an Apple enthusiast based in Spain, alerted users to an iPhone lock screen bypass in iOS 13āwhich at that point was in pre-release versionsāthat could enable an attacker to access victimsā address books. Data that could fall prey to unauthorized access included their contactsā names, email addresses, phone numbers, mailing addresses and more, he said. Rodriguez also had previously discovered other security flaws in iPhones.
The discovery of vulnerabilities in the early days of the latest iOS releaseāwhich just came out on Thursdayāhave led some to criticize Apple for what appears to be inattention to security in the latest version of its mobile OS.
āSo thereās a lock screen exploit in iOS 13, a keyboard access bug, and what else?ā Tweeted Tom Warren, senior editor at U.K.-based science and culture website The Verge. āApple focused on quality with iOS 12, and then totally dropped the ball with iOS 13.ā
Users also are questioning Appleās rather slow pace at fixing bugs in the new OS. Though Rodriguez told the company about the lock-screen bug in July, it wasnāt patched until last week. Similarly, Apple did not provide a timeframe for when the latest keyboard bug would be patched, referring only to an upcoming update.
āI mean, at least the screenshot bug Iāve had since before last year is finally fixed,ā Tweeted freelance reporter Timothy J. Seppala in response to Warrenās Twitter comment about the bug fix. Warren sarcastically replied, āProgress.ā
Interested in the role of artificial intelligence in cybersecurity, for both offense and defense? Donāt miss our freeThreatpost webinar, AI and Cybersecurity: Tools, Strategy and Advice, with senior editor Tara Seals and a panel of experts.Click here to register.
register.gotowebinar.com/register/8988544242398214146?source=ART
register.gotowebinar.com/register/8988544242398214146?source=ART
seclists.org/fulldisclosure/2019/Sep/31
support.apple.com/en-us/HT210613
threatpost.com/iphone-ios-13-lockscreen-bypass/148332/
threatpost.com/newsletter-sign/
twitter.com/timseppala/status/1176583935846965249
twitter.com/tomwarren/status/1176583278171754496