Apple user? Alert! This flaw can expose your iPhone, iPad data
Apple takes a lot of pride in its data security and privacy. The tech giant has often taken jibes at its competitors for over the same. However, it seems like even the Apple users are not entirely safe.
Apple takes a lot of pride in its data security and privacy. The tech giant has often taken jibes at its competitors for over the same. However, it seems like even the Apple users are not entirely safe. An alleged flaw in its ecosystem can expose the personal data of millions of iPhone and iPad users, claim two researchers. According to Talal Haj Bakry and Tommy Mysk, when a user copies any miscellaneous data, it gets stored on Apple's general pasteboard (commonly known as clipboard).
The data is temporarily stored to the device's memory. The researchers claim that this data can be accessed by all apps which risks revealing private information such as a user's GPS coordinates, passwords and banking details. Even the images clicked and copied by the users can put their data at risk.
"iOS and iPad operating system apps have unrestricted access to the system-wide general pasteboard," the duo noted in a post published on Monday.
"A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties," they added.
WATCH | iQOO 3 unboxing and first look
The duo has also published a video on their blog in which they created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget to show how data saved in general pasteboard gets accessed by apps. The claimed that the article was submitted to Apple on January 2, 2020.
"After analysing the submission, Apple informed us that [it doesn't] see an issue with this vulnerability," they said. The duo suggested that Apple should not have “unrestricted access to the pasteboard without user's consent," adding, "Alternatively, the operating system can only expose the content of the pasteboard to an app when the user actively performs a paste operation."
11:25 AM IST