Apple’s new macOS Sequoia operating system includes a feature called iPhone Mirroring that lets users conveniently access their iPhone from a Mac, including a work Mac. But is the feature a security issue at work? “Yes,” says security firm Sevco. The firm has discovered a significant privacy risk that users should carefully consider before using the feature on a company Mac until Apple has provided a fix for the issue.
A new blog post by Sevco says using the feature at work could expose the apps on an employee’s personal iPhone to the corporate IT department.
For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don’t want to share or that could put them at risk. This could include exposing a VPN app in a country that restricts access to the internet, a dating app that reveals their sexual orientation in a jurisdiction with limited protections or legal consequences, or an app related to a health condition that an employee simply does not want to share. The consequences of such data exposure may be severe.
The issue rears its ugly head due to how iPhone Mirroring interacts with the macOS file system and metadata. When the feature is activated on a Mac, it creates “app stubs” for iOS apps in a directory on the Mac called “/Users//Library/Daemon Containers//Data/Library/Caches/.” The stubs contain metadata about the iPhone apps, including app names, icons, versions, descriptions, and more. While the app’s executable code is not included in the app stubs, they contain enough information for macOS to treat them as applications.
Since many organizations use IT management and enterprise security tools to scan Macs for installed software, and those tools often rely on the macOS metadata system, the metadata from the iPhone’s apps will be included in the scan. This means a user’s personal iPhone apps can appear in their employer’s software inventory.
Sevco demonstrated the issue by entering the following in a Terminal window, first on a Mac without the iPhone Mirroring feature turned on, then on the same Mac with the feature enabled:
mdfind "kMDItemContentTypeTree == com.apple.application" | grep Daemon
On a Mac without iPhone Mirroring turned on, the command only returns the expected list of macOS applications. However, when iPhone Mirroring is enabled, it also displays a list of the iOS apps and metadata from the user’s personal iPhone. This means that employees could inadvertently have their health information, dating information, sexual preferences, and other information exposed. It could also be dangerous for employees who use a VPN in heavily restrictive countries.
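The Spotlight query above is what Sevco ran by hand. The following script, added here as an example and not code from Sevco or Apple, shows how an administrator or inventory-tool vendor could post-process that same query output to separate iPhone Mirroring app stubs from genuine macOS applications, so the stubs can be excluded from a software inventory or flagged for review. It assumes only the path pattern the article describes (stubs live under “Library/Daemon Containers/”); the user name, container identifier and app names in the sample list are constructed placeholders.

```shell
#!/bin/sh
# Audit helper for Spotlight results: split iPhone Mirroring app stubs from
# native macOS apps. Stubs are identified by the "Library/Daemon Containers/"
# path segment described in the article (an assumption about the location,
# not an Apple-documented contract).

STUB_MARKER='/Library/Daemon Containers/'

# Reads newline-separated paths on stdin, prints only the app-stub paths.
find_stubs() {
  grep -F "$STUB_MARKER" || true
}

# Reads paths on stdin, prints only paths outside Daemon Containers, which is
# what an inventory tool should actually count as installed Mac software.
find_native_apps() {
  grep -vF "$STUB_MARKER" || true
}

# Reads stub paths on stdin, prints the bare app names (basename minus ".app"),
# useful for reporting which mirrored apps would have leaked into an inventory.
stub_app_names() {
  find_stubs | sed 's#.*/##; s/\.app$//'
}

# Counts stub entries in a result list passed as a single string argument.
count_stubs() {
  printf '%s\n' "$1" | find_stubs | grep -c . || true
}

# Constructed sample of what the mdfind query might return on a Mac with
# iPhone Mirroring enabled. "jdoe" and "PLACEHOLDER-UUID" stand in for the real
# user name and container identifier; the app names are invented.
SAMPLE_RESULTS='/Applications/Safari.app
/Applications/Utilities/Terminal.app
/Users/jdoe/Library/Daemon Containers/PLACEHOLDER-UUID/Data/Library/Caches/Example Dating App.app
/Users/jdoe/Library/Daemon Containers/PLACEHOLDER-UUID/Data/Library/Caches/Example VPN.app'

# On a real Mac, replace the sample with the live query, e.g.:
#   mdfind "kMDItemContentTypeTree == com.apple.application" | stub_app_names
echo "Mirrored iPhone apps that would appear in an inventory scan:"
printf '%s\n' "$SAMPLE_RESULTS" | stub_app_names
echo "Native macOS apps (what the inventory should count):"
printf '%s\n' "$SAMPLE_RESULTS" | find_native_apps
```

Piping the live `mdfind` output through `find_native_apps` gives an inventory tool the list it should have collected in the first place, while `stub_app_names` gives the user or administrator a plain list of which personal apps would otherwise have been exposed.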
Sevco says it has told Apple about the issue and that a fix is being worked on. However, until the fix is made available and widely installed, employees and companies should avoid enabling the iPhone Mirroring feature, and should disable it where it has already been turned on. Companies should also work with vendors of enterprise IT systems that collect Mac software inventories to lessen the risk until a patch is ready.