Security News > 2020 > February > Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data

Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data
2020-02-24 21:49

Any cut-and-paste data temporarily stored to an iPhone or iPad's memory can be accessed by all apps installed on the specific device - even malicious ones.

To illustrate his concerns, Mysk created a rogue proof-of-concept app called KlipboardSpy and an iOS widget named KlipSpyWidget.

Both are designed to illustrate how any app installed on an iOS device can act maliciously and access clipboard data and use it to spy or steal sensitive personal information.

One caveat to the developer's research was that iOS can only allow apps to read clipboard data when the apps are active and in the foreground.

For Mysk, he also believes Apple should put permissions around clipboard data the same way apps request permission to access an iPhone's Contacts and Location Services.


News URL

https://threatpost.com/apple-takes-heat-over-vulnerable-data/153171/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4215 1628 2414 8841