The testing of the beta version of the iOS 14 system revealed that the LinkedIn app was able to access content on users’ clipboards. According to data security training specialists, it has been found that the Reddit app exhibits similar behavior.
Don Morton, responsible for the finding on LinkedIn, also discovered this condition. A new feature in iOS 14 (for now only available to beta users) notifies users when other apps or widgets access system clipboard content. Applications like TikTok behave similarly.
According to the previous report, 53 applications can access clipboard data, although data security training experts mention that TikTok had greater access to user information.
After this was revealed, TikTok’s managers reported that the app does not store or receive any of the clipboard data, plus the feature was disabled in the app’s most recent update, released on June 27.
Moreover, after it was revealed that LinkedIn has also participated in this kind of activity, Erran Berger, vice president of engineering for the networking platform, noted that this was due to an equal verification between the contents of the clipboard and what is written in LinkedIn text boxes. Berger also assured that this feature would be disabled as soon as possible.
A Reddit spokesperson mentioned that he had tracked the behavior, concluding that the “post-composer” function (which verifies URLs and suggests a post title based on the content of the text) could also access the contents of the clipboard. The spokesperson added that Reddit also does not store or send to third parties the content of this tool. This feature will be disabled on July 14.
Many data security training specialists find it a surprise that this behavior has taken so long to come to light, as everything has been revealed since the release of the iOS 14 beta. A few months ago, two developers explained how they had discovered that location information was leaking through the clipboard system: “Apple informed us that they don’t see a problem with this vulnerability,” the researchers said.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
