Apple Warns Of Critical iOS 13.1 Third-Party Keyboard Security Exploit, Promises Fix
On the same day Apple released an incremental update to iOS 13, the company also issued a notice warning millions of iPhone and iPad users of a security issue that has not yet been resolved. The issue affects third-party keyboard apps in iOS 13 and iOS 13.1, on iPhone, iPad, and iPad touch devices.
"Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access," Apple says.
Fortunately, the issue does not affect Apple's built-in keyboards. Third party keyboards that do not make use of full access are also immune to the flaw. That still leaves some popular options that are affected, however, such as Gboard (Google) and SwiftKey (Microsoft).
Apple did not go into great detail about the flaw. The timing is interesting, though—Apple launched iOS 13 on September 19, followed by an incremental update to iOS 13.1 on September 24. While Apple only references iOS 13 in its security warning, it also affects the more recent update, as the company does not yet have a fix in place.
"The issue will be fixed soon in an upcoming software update," Apple says.
In the meantime, you can check which keyboards you have installed by going to Settings > General > Keyboard > Keyboards.