Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Potential iOS 14.6 clipboard vulnerability??

M

Michael.K.Hall

macrumors newbie
Original poster
Jun 20, 2021
2
1
I just discovered this and would consider it a huge security risk if the app is doing anything with the pasted data in the background.

Basically, I had copied something to the clipboard in Safari. I then opened the “Geometry Lite” app and caught a glimpse of a paste operation, see attached screenshot.

It appears that the data on the clipboard automatically gets pasted to the app as soon as the app is launched. What Happens from there is anyones guess. I have tested this with copying something from notes as well and had the same result, also see attached.

I am guessing other apps may have the same issue. It happens so fast on the app, you barely have time to catch it. I had to do a quick screenshot to verify and it took me a few tries..... did I just see what I think I saw???? YES, YES I DID!!?

This seems like an obvious risk that Apple has hopefully resolved on the back end. However, I have “a vote of no confidence” after what I just witnessed….

Can anyone confirm with this or other apps??
 

Attachments

  • 398A603E-EF9E-4277-BDF2-E9A4D964FC64.jpeg
    398A603E-EF9E-4277-BDF2-E9A4D964FC64.jpeg
    134.1 KB · Views: 195
  • 86285416-3E9D-4292-B39C-64F1403F596A.jpeg
    86285416-3E9D-4292-B39C-64F1403F596A.jpeg
    199.2 KB · Views: 163
M

Michael.K.Hall

macrumors newbie
Original poster
Jun 20, 2021
2
1
Ok, I didn’t see anything come up with potential existing posts about it, but kind of figured I would not be the first to report it. Guess I figured if it was known, Apple would have addressed it! I know applications like Keypass for Windows has a timeout to clear the clipboard. I don’t see an option to disable clipboard access for an app. obviously a change like that could introduce a whole other set of issues for app usage. I would think that the app store vetting process would catch code that does these kinds of things programmatically, especially when the app opens….? Seems like common sense, but I am also limited in my understanding of Apple processes and iOS. I’ll read the story you posted. Thanks for the response!
 
  • Like
Reactions: 0128672
C

cupcakes2000

macrumors 68040
Apr 13, 2010
3,963
5,376
Michael.K.Hall said:
Ok, I didn’t see anything come up with potential existing posts about it, but kind of figured I would not be the first to report it. Guess I figured if it was known, Apple would have addressed it! I know applications like Keypass for Windows has a timeout to clear the clipboard. I don’t see an option to disable clipboard access for an app. obviously a change like that could introduce a whole other set of issues for app usage. I would think that the app store vetting process would catch code that does these kinds of things programmatically, especially when the app opens….? Seems like common sense, but I am also limited in my understanding of Apple processes and iOS. I’ll read the story you posted. Thanks for the response!
Click to expand...
There are plenty of ‘normal’ reasons why an app should do this, as well as plenty of nefarious reasons. I also wish you could stop clipboard access on a per app basis, but I think the reason that’s not done is that it would be detrimental to user experience as a whole. It’s very normal to want to paste something in to an app.
the notifications that you’re seeing are apples (recent) response to the issue, I suppose what least now you know what each app is doing. If you don’t like the activity, delete the app, or ensure the clipboard is deleted or over written with something gobbledegook before accessing untrusted apps.
 
chrfr

chrfr

macrumors G5
Jul 11, 2009
13,654
7,194
Michael.K.Hall said:
I just discovered this and would consider it a huge security risk if the app is doing anything with the pasted data in the background.

Basically, I had copied something to the clipboard in Safari. I then opened the “Geometry Lite” app and caught a glimpse of a paste operation, see attached screenshot.

It appears that the data on the clipboard automatically gets pasted to the app as soon as the app is launched. What Happens from there is anyones guess. I have tested this with copying something from notes as well and had the same result, also see attached.

I am guessing other apps may have the same issue. It happens so fast on the app, you barely have time to catch it. I had to do a quick screenshot to verify and it took me a few tries..... did I just see what I think I saw???? YES, YES I DID!!?

This seems like an obvious risk that Apple has hopefully resolved on the back end. However, I have “a vote of no confidence” after what I just witnessed….

Can anyone confirm with this or other apps??
Click to expand...
Apple is aware of this problem and has taken steps to mitigate it for iOS/iPadOS 15. App developers would have to implement this feature themselves, however: https://www.macrumors.com/2021/06/08/ios-15-secure-paste/
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom