Apple says a bug may grant ‘full access’ to third-party keyboards by mistake

Apple is warning users of a bug in iOS 13 and iPadOS involving third-party keyboards.

In a brief advisory posted Tuesday, the tech giant said the bug impacts third-party keyboards which have the ability to request “full access” permissions.

iOS 13 was released last week. Both iOS 13.1 and iPadOS 13.1, the new software version for iPads, are out today.

Third-party keyboards can either run as standalone, or with “full access” they can talk to other apps or get internet access for additional features, like spell check. But “full access” also allows the keyboard maker to capture to its servers keystroke data or anything you type — like emails, messages or passwords.

This bug, however, may allow third-party keyboards to gain full access permissions — even if it was not approved.

Apple didn’t say much more about the problem. A spokesperson did not comment beyond the advisory. But the advisory said that the bug doesn’t affect iOS’ in-built keyboard.

Update on Sept. 27: iOS 13.1.1 and iPadOS 13.1.1, released Friday, fixes the keyboard issue, according to an updated security advisory. Apple credited its own staff for discovering the keyboard-related logic vulnerability.