As I waited in the Denver Airport for a connecting flight, I opened the calendar app on my iPhone (16 Pro running 26.2) and was greeted with the "Allow paste from Safari" dialog box. I clicked "Allow," and a new appointment was pasted into my calendar. To my surprise, the appointment was from a user I didn't recognize for an appointment I didn't make.
Annoying, but easily solved.
More troubling is how my iPhone grabbed someone else's clipboard contents from iCloud? I don't want to overreact, but I have Universal copy/paste on all my devices, and I'm copying sensitive information all the time.
I submitted this to Apple Product Security and was told it is not a security problem.
Has anyone heard of a similar issue?
*FWIW, I doubt that my iCloud account was breached. It is annoyingly secure with hardware 2FA (Yubikey) and 30+ characters of jibberish as a password.
Annoying, but easily solved.
More troubling is how my iPhone grabbed someone else's clipboard contents from iCloud? I don't want to overreact, but I have Universal copy/paste on all my devices, and I'm copying sensitive information all the time.
I submitted this to Apple Product Security and was told it is not a security problem.
Has anyone heard of a similar issue?
*FWIW, I doubt that my iCloud account was breached. It is annoyingly secure with hardware 2FA (Yubikey) and 30+ characters of jibberish as a password.
