If you use iPhone Mirroring at work: Stop now to avoid giving your employer’s IT department the ability to see the list of apps you have on your phone, including dating apps, apps that track your medical and sexual history, and any other NSFW apps you may want to keep secret.
iPhone Mirroring is a feature that allows users to wirelessly view their iPhone’s content, use its apps, and receive its notifications on their Mac. It requires macOS 15 Sequoia, iOS 18, and Apple Silicon to work.
While ideal for home use, it poses a potential privacy risk for employers and employees using workplace-issued Mac computers.
According to Sevco Security, which discovered this oversight and reported it to Apple, “For iPhone users, this Apple bug poses a major privacy risk as it could expose or compromise aspects of their private lives that they may not want to share.”
This includes exposing the use of VPN apps in countries with restricted internet access, dating apps that indicate a user’s sexual orientation in areas where this is unsafe or has legal implications, or health apps that accidentally reveal medical conditions, symptoms, or pregnancies that employees do not want the workplace to know about.
Additionally, for organizations, the bug “represents new data responsibilities due to the possibility of collecting employees’ personal data,” which could lead to violations of privacy laws, lawsuits, and enforcement actions by government agencies, the researchers pointed out.
According to Sevco, when an iPhone user has iPhone Mirroring turned on, running mdfind in a terminal window with full disk access exposes a list of personal iOS apps and their metadata. However, this bug does not reveal the contents of the user’s apps.
The command line interface the researchers used to reproduce this flaw is as follows:
Apple has reportedly identified the cause and is working on a fix. The iThings giant did not immediately respond to The Register’s requests for comment and a schedule.
Sevco said it warned “multiple enterprise software vendors” that share customers with the security shop and Apple, and also notified its own customers who have collected or may collect personal data of employees and are affected as a result.
But frankly, until Apple issues a patch, companies need to warn employees about this issue and advise them not to use this feature in the workplace, and also need to work together with third-party enterprise IT vendors that collect software inventory from Macs. ®
Editor’s note: This article has been updated to clarify that this oversight reveals the list of applications on the device, not the content. We’re happy to clarify that.