iOS 13 was not born exactly under a good star: a few hours after the release of the version 13.1, useful to solve a serious vulnerability already emerged prematurely and that allowed to unlock a device with a simple combination of tap, here emerges a good serious vulnerability. Apple, aware of the problem, notifies its presence, explains that it is at work for a quick fix and explains how to work around the danger pending the final update 13.2.
Additional note: being the series iPhone 11 natively distributed with iOS 13, the problem also affects the latest generation devices. The new iPadOS is also involved.
The vulnerability relates to permits granted to third production keyboards (often used to replace the official keyboard on the iPhone or iPad). When one of these apps asks for "full access" to the smartphone's functions, in fact, this process must theoretically be authorized by the user, who can therefore knowingly assign this right to the app. Known and widespread keyboards such as GBoard, SwiftKey or Grammarly usually ask for targeted permissions, without exceeding, but this may not be the case for third-party productions, perhaps from some minor developer, to which full power is then put on your smartphone.
The problem lies in the fact that, although there is no need for authorization, third-party keyboards can be installed with "full access", leaving the user potentially at the mercy of a malicious developer.
How to solve
There are three ways to solve the problem:
- uninstall third-party virtual keyboards, thus preventing anyone from taking advantage of the temporary bug;
- wait for the iOS update paying attention to the keyboards in use
- manage keyboards manually through the menu
Generali > Tastiera > Tastiere
At this point it will be possible to manage the individual permissions, thus limiting the power of action of any keyboard that has been installed.