Don’t use iPhone Mirroring at work, experts warn

If you’re using iPhone Mirroring at work: It’s time to stop, lest you give your employer’s IT department the capability to snoop through the list of apps you have on your phone — dating apps, those tracking medical conditions or sexual history, or any other NSFW apps that you might want to keep to yourself.

iPhone Mirroring is a feature that allows users to wirelessly use iPhones for viewing content on the device, using apps, and receiving notifications on a Mac. It requires macOS 15 Sequoia, iOS 18, and Apple Silicon to work.

It’s great for home use, but presents a potential privacy risk between employers and employees using a work-issued Mac computer.

“For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don’t want to share or that could put them at risk,” according to Sevco Security, which spotted the oversight and reported it to Apple.

This includes potentially exposing the use of a VPN app in a country that restricts internet access, a dating app that indicates the user’s sexual orientation in a region where that’s not safe or has legal consequences, or a health app that inadvertently shares a medical condition or pregnancy that the employee doesn’t want their work to know about.

Plus, for organizations, “this bug represents a new data liability from potentially collecting private employee data” that could lead to privacy law violations, lawsuits, and government agency enforcement actions, the researchers note.

According to Sevco, executing mdfind in a terminal window that has been granted full disk access exposes a list of personal iOS apps and metadata if the iPhone user has turned on iPhone Mirroring. The bug does not, however, reveal the contents of a user’s apps.

Here’s the command line interface the researchers used to reproduce this flaw:

Apple, we’re told, has identified the cause and is working on a fix. The Register reached out to the iThings giant for comment and a timeline but did not receive an immediate response.

Sevco says it has alerted “several enterprise software vendors” that share customers with the security shop and Apple, and has also notified its own customers that have collected or could potentially collect private employee data – and then suffer the consequences.

But to be blunt, companies should also alert employees about the issue, advise them not to use this feature at work, and also work with any third-party enterprise IT vendors that collect software inventory from Macs until Apple issues a patch. ®

Editor’s note: This article was updated to clarify that this oversight reveals the list of applications on a device, though not the contents. We’re happy to make that clear.