The new iPhone Mirroring feature in macOS Sequoia and iOS 18 has raised significant privacy concerns for corporate users, as security firm Sevco has uncovered a vulnerability that may expose personal app metadata to corporate IT departments. The feature allows users to interact with their iPhones through their Macs, but this seamless integration has a drawback: it creates “app stubs” in macOS’s file system that include metadata from the iPhone’s apps, such as app names, icons, and other details, despite no actual app data being transferred.

This poses a risk for corporate environments. Many IT departments use tools to scan devices for installed software, and because iPhone app metadata is treated as part of the macOS file system, personal iPhone apps may appear in corporate software inventories. This can unintentionally expose personal apps that employees might want to keep private, such as VPNs used in countries with restricted internet access, dating apps, or health-related services.

For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don’t want to share or that could put them at risk. This could include exposing a VPN app in a country that restricts access to the internet, a dating app that reveals their sexual orientation in a jurisdiction with limited protections or legal consequences, or an app related to a health condition that an employee simply does not want to share. The consequences of such data exposure may be severe.

The issue presents not only a privacy concern for employees but also a potential legal liability for companies. Organizations could inadvertently collect private data and violate privacy laws like the California Consumer Privacy Act (CCPA), creating risks for both parties.

For companies, this bug represents a new data liability from potentially collecting private employee data. If this bug is not addressed, it may lead to violation of major privacy laws such as CCPA, potential litigation, and federal agency enforcement.

Sevco has reported the issue to Apple, which is actively working on a fix. However, until a patch is available, companies are advised to disable the iPhone Mirroring feature on work devices, and employees should refrain from using it on company-owned Macs.

(via Sevco)

Categorized in: