Security News > 2020 > February > Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data
Any cut-and-paste data temporarily stored to an iPhone or iPad's memory can be accessed by all apps installed on the specific device - even malicious ones.
To illustrate his concerns, Mysk created a rogue proof-of-concept app called KlipboardSpy and an iOS widget named KlipSpyWidget.
Both are designed to illustrate how any app installed on an iOS device can act maliciously and access clipboard data and use it to spy or steal sensitive personal information.
One caveat to the developer's research was that iOS can only allow apps to read clipboard data when the apps are active and in the foreground.
For Mysk, he also believes Apple should put permissions around clipboard data the same way apps request permission to access an iPhone's Contacts and Location Services.
News URL
https://threatpost.com/apple-takes-heat-over-vulnerable-data/153171/
Related news
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)