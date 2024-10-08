iOS 18 and macOS Sequoia introduced a bunch of new cool features to your iPhone and Mac, including a new Mirroring feature. However, setting it up on a Mac provided by your employer could allow them to see sensitive data on your personal phone.

A newly discovered privacy flaw found in macOS 15 Sequoia and iOS 18 allows applications from someone's personal iPhone to be included in their company's software inventory, if they have iPhone Mirroring set up. This means sensitive information, like the use of dating apps, VPNs, or health-related apps, could be exposed to corporate IT departments. The issue itself was uncovered by a security firm called Sevco, which has also properly alerted Apple about it. Apple has acknowledged the issue and is working on a fix.

The implications are significant. For employees, this represents a major breach of privacy with potentially severe consequences, especially in regions with restrictive laws or limited personal freedoms. For companies, it creates a new data liability, potentially putting them in violation of privacy laws like CCPA and opening them up to litigation and enforcement actions.

While this is being fixed, you should avoid using iPhone Mirroring on work computers. Companies should also communicate this risk to their staff, as well as identify and mitigate any enterprise IT systems that may be collecting this sensitive data and to purge any mistakenly collected employee data once a patch is available.

There's currently no timeline for when we might see a fix land on our phones and laptops, but it will probably be arrive in a minor update to macOS Sequoia and iOS 18. It's not strange to see an early version of an operating system have bugs that weren't spotted before, but it becomes way more of a nuisance when that bug ends up being a security flaw with big implications for the handling of your personal data.

Source: Sevco