Apple Warns iOS 13 Users About Keyboard Flaw

Apple has warned of a security vulnerability for iOS 13 users who have installed certain third-party keyboard apps.

The flaw is so serious that it could allow for unauthorised access to iPhones or iPads, and a number of well-known keyboard apps are at risk.

Apple had released iOS 13, the thirteen major release of the iOS mobile operating system last week on 19 September. It included a dark theme and the QuickPath virtual keyboard, that allows the user to swipe their finger across the keyboard to complete words and phrases.

Keyboard flaw

That typing by swiping feature was first found in Microsoft’s Windows Phone devices years ago, but was later provided by a number of third-party keyboard applications such as Microsoft’s SwiftKey, Adaptxt, or Gboard.

And now Apple has issued a warning about a security issue for iOS 13 users who installed certain keyboard apps.

“An upcoming software update will fix an issue that impacts third-party keyboard apps,” said Apple. “This issue applies only if you’ve installed third-party keyboards on your iPhone, iPad, or iPod touch.”

“Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request ‘full access’ to provide additional features through network access,” said Apple.

“Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access,” it said, before stressing that the flaw does not impact Apple’s built-in keyboards.

It also doesn’t impact third-party keyboards that don’t make use of full access.

This is the second security issue with iOS 13 in a week.

Apple issued a fix on Tuesday for a flaw with the mobile operating system, that exposed contact details stored in iPhones without requiring a passcode or biometric identification.

Apple did not reveal exactly when the keyboard fix will be released, but there have been problems with keyboard apps before.

In 2015 NowSecure revealed that more than 600 million Samsung smartphones were at risk from a flaw in messaging app SwiftKey, which came pre-loaded on Samsung handsets.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago