A bug in the iPhone’s map system, Apple Maps, may have allowed third-party apps to collect users’ location data without permission. According to a report published by journalist Rodrigo Ghedin on Tuesday (31), one of the platforms that would have accessed this data is iFoodpopular Europeian delivery service.
Big tech released the update to iOS 16.3 with several bug fixes in the last week, and one of the flaws addressed by the new version of the iPhone operating system is CVE-2023-23503 which, according to Apple, could allow third parties circumvent privacy preferences in iOS 16.2.
No cases of exploitation are evidenced by Apple, but according to Ghedin’s report, the iFood would have collected location data even if users were denied access to this information. So far, there is no information about other apps that would have accessed GPS data due to the iOS glitch.
The alleged case was reported by a reader of the journalist’s blog, who claims to have solved the problem after restarting the cell phone and installing the update to iOS 16.3.
The CVE, a list of threats and vulnerabilities discovered in software, still keeps the page for the hole in question as “reserved”, suggesting that details of its behavior and potential risks have yet to be published.
It should be noted that, since information about this privacy breach has not yet been released, it is too early to deduce that iFood (and possibly other apps) was accessing location data without permission on purpose. The specialist has contacted the company but has yet to get a response.
Dan Goodin, cybersecurity expert at Ars Technica, suggests that massive amounts of data could be exploited by the iOS loophole. “I wonder how long this vulnerability has been in place,” he said.
One community member believes the breach may be related to Apple’s own permissions system, and not necessarily Maps. As an example, a user would initially allow an app to access location data and subsequently revoke that privilege, but iOS would then fail to update the settings.
The details behind the breach should be revealed in the coming weeks with its official publication on CVE and statements from Apple or iFood.
- The Apple iPhone 14 is available on Amazon for BRL 5,858. The cost-benefit is average and this is the best model in this price range.
- The Apple iPhone 13 is available on Amazon for BRL 4,928. The cost-benefit is average but this is the best model in this price range.
