Privacy News Broken Mirror: iPhone Mirroring at Work May Expose Employees’ Personal Information

lokamoka820

lokamoka820

Level 21
Thread author
Mar 1, 2024
1,060
Content source
https://www.sevcosecurity.com/iphone-mirroring-expose-employee-personal-information/
As deployments of macOS 15.0 Sequoia and iOS 18 continue, Sevco discovered a major systemic privacy bug whereby the applications from a user’s personal iPhone may become part of the company’s software inventory via a new Apple feature known as “iPhone Mirroring.”

In short, the applications on an employee’s personal iPhone may be exposed to their corporate IT department.

For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don’t want to share or that could put them at risk. This could include exposing a VPN app in a country that restricts access to the internet, a dating app that reveals their sexual orientation in a jurisdiction with limited protections or legal consequences, or an app related to a health condition that an employee simply does not want to share. The consequences of such data exposure may be severe.

For companies, this bug represents a new data liability from potentially collecting private employee data. If this bug is not addressed, it may lead to violation of major privacy laws such as CCPA, potential litigation, and federal agency enforcement.

Sevco has notified Apple, who has identified the root cause and is working on a fix. We have also notified several enterprise software vendors where Sevco, Apple, and the vendor have common customers and we have confirmed the issue. We have also notified our customers that have collected or have the potential to collect private employee data.

In the immediate term:
  • Employees should not use iPhone Mirroring on work computers
  • Companies should communicate to employees that they should avoid using iPhone Mirroring on work computers (this may be a legal or regulatory requirement)
  • Companies should identify any enterprise IT systems that collect software inventory from Macs and work with those vendors to mitigate the risk until a patch is available
We expect Apple to patch macOS before long based on our conversations with them. When a patch becomes available, companies will need to apply the patch to stop collecting private employee data. After the patch is available, Sevco recommends that companies purge any mistakenly collected employee data to eliminate liability risk.
Click to expand...
 
  • +Reputation
  • Like
Reactions: Gandalf_The_Grey and [correlate]
SpiderWeb

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
603
It is actually doing the opposite. Apple services travel through their own separate end to ebd encrypted VPN that not even Apple has access to your data. They call it stateless data processing:

security.apple.com

Blog - Private Cloud Compute: A new frontier for AI privacy in the cloud - Apple Security Research

Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing...
security.apple.com security.apple.com

Essentially the reason is because of services like iMessage, Find My Device and Apple Notarization which require uninterrupted access.
 

Similar threads

[correlate]
    • Like
Privacy News Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’
Replies
1
Views
1,579
Security News
SpiderWeb
SpiderWeb
Viking
    • Like
    • Wow
    • +Reputation
Security News Thousands of Heineken employees affected in alleged data breach
Replies
0
Views
1,773
Security News
Viking
Viking
vtqhtr413
    • Wow
    • Applause
    • +Reputation
Security News AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info
Replies
0
Views
2,020
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top