Skip to main content
Hardware

Apple bug could expose personal info to your employer

Employees should stop using the mirror app and companies should tell staff not to connect their phone to work devices.
article cover

Pascal Deloche/Getty Images

less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Mirror, mirror on the screen—will my work see everything?

A new report from cybersecurity company Sevco indicates that, yes, it will—at least as long as you are mirroring your iPhone onto your work device. The new mirroring app makes it easier for Apple users to transition between their phones and laptop or desktop computers.

Glass slipper. At issue is a bug in macOS 15.0 Sequoia and iOS 18 that could expose personal information via iPhone apps to company IT teams if their phones are connected to corporate computers. Sevco researchers noticed something was amiss when they saw personal iOS apps installed on Mac devices, leading them to look into the issue.

“As we dug in, we recognized it was not a glitch—personal iOS apps were indeed being reported on Mac devices from multiple upstream software vendors at multiple customers,” the researchers wrote. “This issue was something new and systemic.”

The risk is twofold, Sevco researchers explained: On one hand, employees rightfully will worry that their private lives could be exposed to their employer; on the other, companies are on the hook for data liability if they access worker data, even if unwillingly.

Pumpkin time. Sean Wright, Featurespace head of application security, told Forbes that the danger of the bug is relative to how much trust you have in your employer in the first place.

“If you don’t trust your employer, I certainly would not recommend using any personal device in work capacity, and vice-versa,” Wright said.

Sevco researchers recommend basic security hygiene steps to manage the breach threat while waiting for a fix from Apple. Employees should stop using the mirror app and companies should tell staff not to connect their phone to work devices. Companies should also take care to ensure third-party vendors do not collect information from work devices.

“When a patch becomes available, companies will need to apply the patch to stop collecting private employee data,” the researchers wrote. “After the patch is available, Sevco recommends that companies purge any mistakenly collected employee data to eliminate liability risk.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.