A new flaw that has been released in the new Apple iOS 13 can allows third-party keyboards to have “full access” without the user’s approval. Full access would allow the keyboard to capture all keystrokes entered on the device. While most third-party keyboards that are trusted require full access, it is likely that they would not abuse this privilege. On the other hand, some applications offer a third-party keyboard which could be malicious. Even though a user would not give them full access because of general security practices, this new flaw allows the keyboard to grant itself full access and thus capture all keystrokes without the victim knowing. This flaw does not affect any of the keyboards that are built into the iPhone, but just the ones that are downloaded.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In