Apple Warns iOS 13 Users About Keyboard Flaw

MobilitySecuritySecurity ManagementSmartphonesTablets
security vulnerability Shutterstock - © Andy Dean Photography

Apple promises fix to patch a security issue for iOS 13 users who have installed certain keyboard apps

Apple has warned of a security vulnerability for iOS 13 users who have installed certain third-party keyboard apps.

The flaw is so serious that it could allow for unauthorised access to iPhones or iPads, and a number of well-known keyboard apps are at risk.

Apple had released iOS 13, the thirteen major release of the iOS mobile operating system last week on 19 September. It included a dark theme and the QuickPath virtual keyboard, that allows the user to swipe their finger across the keyboard to complete words and phrases.

Keyboard flaw

That typing by swiping feature was first found in Microsoft’s Windows Phone devices years ago, but was later provided by a number of third-party keyboard applications such as Microsoft’s SwiftKey, Adaptxt, or Gboard.

And now Apple has issued a warning about a security issue for iOS 13 users who installed certain keyboard apps.

“An upcoming software update will fix an issue that impacts third-party keyboard apps,” said Apple. “This issue applies only if you’ve installed third-party keyboards on your iPhone, iPad, or iPod touch.”

“Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request ‘full access’ to provide additional features through network access,” said Apple.

“Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access,” it said, before stressing that the flaw does not impact Apple’s built-in keyboards.

It also doesn’t impact third-party keyboards that don’t make use of full access.

This is the second security issue with iOS 13 in a week.

Apple issued a fix on Tuesday for a flaw with the mobile operating system, that exposed contact details stored in iPhones without requiring a passcode or biometric identification.

Apple did not reveal exactly when the keyboard fix will be released, but there have been problems with keyboard apps before.

In 2015 NowSecure revealed that more than 600 million Samsung smartphones were at risk from a flaw in messaging app SwiftKey, which came pre-loaded on Samsung handsets.

Do you know all about security? Try our quiz!

Read also :
Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio