Apple Maps: this bug allows apps to obtain your location without authorization!

0
4
apple maps this bug allows apps to obtain your location.jpg
apple maps this bug allows apps to obtain your location.jpg

By releasing iOS 16.3 last week, Apple obviously took the opportunity to fix some security flaws and bugs. And precisely, we have just learned that a vulnerability allowed applications to bypass Apple Maps privacy settings in order to obtain the location of the user without permission.

apple maps flaw
Credit: 123RF

During the publication of each version of iOS, Apple of course integrates new features, but also takes the opportunity to correct bugs and security vulnerabilities discovered by the manufacturer or by computer security researchers / users.

In January 2023, for example, Apple released a new version of iOS 12 on older devices like the iPhone 5 to fix a security flaw in Safari’s rendering engine. In particular, it allowed a website to execute malicious code remotely.

As you may know, Apple rolled out iOS 16.3 to compatible devices last week. With this update, the manufacturer has integrated several new features such as end-to-end encryption for iCloud datacompatibility with FIDO security keys and the usual performance improvements.

Also to read : Apple Music no longer knows how to chain songs without cutting since iOS 16.2

A flaw in iOS allowed to bypass the security of Apple Maps

But that’s not all since Apple has also fixed some bugs and security vulnerabilities. And precisely, we have just learned that a vulnerability precisely allowed apps to bypass Apple Maps privacy settings. And this, in order to constantly obtain the location of the user without authorization.

Here is what can be read in the manufacturer’s report on this flaw CVE-2023-23503:

  • Devices affected: iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad Mini 5th generation and later
  • Impact: An app may be able to bypass Apple Maps privacy preferences
SEE ALSO  Apple ends up giving in and will incorporate one of the most historic features of Android in iOS 18

Even if Apple does not specify it, the Brazilian journalist Rodrigo Ghedin claims that this flaw has been exploited at least once by an application. Indeed, one of his readers observed that iFoodthe country’s number 1 food delivery app, constantly accessing its location on iOS 16.2 (and this despite the restrictions he had put in place). If this vulnerability is now corrected, questions remain: how many applications have been able to take advantage of this flaw? Since when does it exist? How much location data is collected? We will have to wait for a possible comment from Apple to find out.

Source : 9TB5Mac