Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data

[silversurfer]

Content source

https://threatpost.com/apple-takes-heat-over-vulnerable-data/153171/

Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email.

Shedding light onto the potential harm of this scenario is German software engineer, Tommy Mysk, who is trying to raise awareness around what he believes is an Apple vulnerability. To illustrate his concerns, Mysk created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget.

Both are designed to illustrate how any app installed on an iOS device can act maliciously and access clipboard data and use it to spy or steal sensitive personal information. To highlight and demonstrate his concerns, Mysk told Threatpost he focused on photos taken by a device’s camera that contain time and GPS metadata that could be used to pinpoint a user.

“A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard,” the developer wrote in a technical blog post outlining his research on Monday.

“Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user’s precise location. This can happen completely transparently and without user consent,” he wrote.

Apple, in response to his research, said it didn’t consider its implementation of cut-and-paste as a vulnerability, rather a basic function of most operating systems and applications that run on them, Mysk told Threatpsot. Apple did not return Threatpost’s request for comment for this story.

 

[Antus67]

I don't like Apple's response on this issue how would they like to have their private information spread all over the web.

 

[upnorth]

Probably not the biggest " issue " for Apple.

 

[ForgottenSeer 823865]

"Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in. "

Privacy

Apple products, including Apple Intelligence, are designed to protect your privacy, because privacy is a fundamental human right.

www.apple.com

Yeah...when you get bombarded by Apple ads about privacy and read such flaw... it is amusing right?

Sometimes i wonder if all those "vulnerabilities" and "flaws" aren't made with the purpose to secretly aids the intel agencies while claiming independency from them...

"we don't works with intel agencies , not our fault if they hacked our software" yeah....