Apple Warning: Third Party Keyboards password leak flaw
Apple Warning: Third Party Keyboards password leak flaw, urgent, any third party keyboard you currently use, would advise to uninstall.
Apple has issued an urgent warning to iPhone users to avoid using third-party keyboards that could expose them to risk of having their phone hacked.
The third-party keyboards, like Google’s Gboard and Microsoft’s SwiftKey, as well as others from lesser known developers, can run stand-alone, but also request “full access”, which gives them more features.
While the full-access feature is mainly used to provide network access to enable spellcheck and GIF keyboards, it also gives developers the ability to collect keystroke data, meaning they could potentially see everything you type, from private messages to sensitive passwords.
Full access usually requires permission from the user to enable, but a bug in iOS 13 and iPadOS gives keyboard extensions the ability to gain full access without even asking you first.
Apple said the issue would be fixed “soon” via a software update, but it’s believed still to be putting users at risk.
Earlier this week, the company released iOS 13.1 to add a number of new features, fix bugs, and close a vulnerability that allowed hackers to gain access to a user’s contacts even when the phone is locked.
While that issue has been fixed, it’s understood the keyboard vulnerability remains, as Apple’s security updates only provide details on flaws that have been addressed.
“For our customers’ protection, Apple doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available,” Apple said.
The bug doesn’t affect Apple’s built-in keyboards or third-party keyboards that don’t have full access features, so it’s best to stick with one of them for the moment.
The update to iOS 13.1 was rushed out to address bugs and add features that weren’t ready in time for the launch of the iPhone 11.
Some of the new features include an ability in Apple Maps to share your estimated time of arrival with a contact, and improvements to the Shortcuts Automation feature, that can trigger an action to happen once another has been enacted.
Taken together, you could set up a shortcut to share your ETA with a contact when you get in the car to drive to their house for instance.
Apple has also added its audio sharing feature that allows two pairs of Airpods or Beats headphones to stream content from the same iPhone as well as some mild tweaks to Volume to show when headphones are connected, and some design changes to emojis.
Users on new iPhone 11 models that shipped with iOS 13 are advised to update to 13.1 to receive the security and bug fixes, but if you’re on an older model still running iOS 12 it’s probably best to stick with that until Apple works out all the kinks on its new software.