The iPhone Mirroring feature of macOS Sequoia and iOS 18 is a security risk for corporate users, as it’s possible that a personal iPhone’s applications will be exposed to a company’s IT department.
The addition of iPhone Mirroring in macOS Sequoia allows users to see and interact with their iPhone display via their Mac. While this makes it easier to use the iPhone without necessarily having to handle it, it may be problematic when using a personal iPhone with a corporate Mac.
According to Sevco Security, there is a bug that can allow an employee’s personal iPhone to be exposed to a corporate IT department. It’s possible for an IT department to be aware of apps installed on an employee’s private iPhone.
Sevco discovered that personal iOS apps were reported as installed on Mac devices. The issue is that an IT department may see apps that could be banned from corporate devices as being “installed” on a company-managed Mac or MacBook, despite only really being installed on the user’s own iPhone.
Aside from games and other leisure apps, this could also expose the installation of other potentially risky apps. For example, a VPN in a country that heavily restricts Internet access, or a dating app that reveals the user’s sexual orientation in a repressive country.
Fearing this could be a privacy risk, and a potential violation of privacy laws in some jurisdictions, Sevco has notified Apple about the issue and potential fixes. Sevco has also informed a number of enterprise software vendors who have common customers with the security outfit, confirming the issue isn’t a one-off.
Based on conversations with Apple, Sevco expect that a patch will become available in the future.
While a fix is on the way, it is recommended that employees avoid using iPhone Mirroring with their personal iPhone on work computers. Companies should also warn employees against using iPhone Mirroring for the moment, and to identify any IT systems that collect software inventory from Macs that may be affected.