Apple’s iOS and MacOS operating systems are often credited for having relatively better security and privacy when compared to their direct rivals. However, that is not the case, as numerous vulnerabilities have been pointed out time and time again.
A new vulnerability has now been discovered in iOS yet again that could reportedly lead to data leaks in iPhones and iPads. According to researchers Talal Haj Bakry and Tommy Mysk, when a user copies any text to their clipboard in iOS, this data is temporarily stored onto the device’s memory and is accessible by all other apps, creating a major security risk of sensitive data such as passwords, location data, or bank account details getting leaked.
iOS and iPad operating system apps have unrestricted access to the system-wide general pasteboard. A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard. Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties.
The two researchers have also published a video demonstrating how this security flaw can be exploited. They used an app called KlipboardSpy to show how apps have access to the data saved on the clipboard.
The researchers reported the vulnerability to Apple earlier, and Apple being Apple, responded by saying that they don’t see this as an issue as apps in iOS are designed to read clipboard data when they’re in the foreground. The researchers, however, cautioned that apps always have access to this data once a widget is placed on Apple’s Today View.
They concluded their article by suggesting that a possible fix to this exploit would be to introduce a new permission that would allow users to grant access to the clipboard for each app but it remains to be seen whether Apple will consider it or not.