New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

New Apple Flaw Allows Third Party Keyboards to Have “Full Access”

A new flaw that has been released in the new Apple iOS 13 can allows third-party keyboards to have “full access” without the user’s approval. Full access would allow the keyboard to capture all keystrokes entered on the device. While most third-party keyboards that are trusted require full access, it is likely that they would not abuse this privilege. On the other hand, some applications offer a third-party keyboard which could be malicious. Even though a user would not give them full access because of general security practices, this new flaw allows the keyboard to grant itself full access and thus capture all keystrokes without the victim knowing. This flaw does not affect any of the keyboards that are built into the iPhone, but just the ones that are downloaded.

Analyst Notes

Until Apple is able to come up with a fix for this and send out an update, users should disable all third-party keyboards, especially ones that are not known. To do this, users can go to Setting> General> Keyboard> Keyboards to see which keyboards are enabled.