Apple’s iOS pasteboard leaks location data to spy apps | #CyberSecurity #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
From nakedsecurity.sophos.com - February 26, 2020 5:45 PM

To most iOS users, pasteboard is simply part of the way to copy and paste data from one place to another.

 

Although a malicious app should only be able to access pasteboard data while active, Mysk’s bypass was to write a demo app, KlipboardSpy, paired to a foreground widget visible in Today View, to prove the hack worked under real-world conditions. Moreover:

As the pasteboard is designed to store all types of data, the exploit is not only restricted to leaking location information. By gathering all these types of content, a malicious app can covertly build a rich profile for each user, and what it can do with this content is limitless.

That’s not only location data, then, but potentially anything the user has copied into pasteboard, including passwords and bank details.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://www.scoop.it/topic/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=iOS