Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access. The bug also doesn’t impact Apple s built-in keyboards or 3rd party keyboards that don’t make use of full access. While Apple doesn’t explicitly mention the iOS version affected by this issue it is safe to say that all current releases are impacted. The vulnerability is a use after free tracked as CVE-2019-8605 and was originally discovered by Google Project Zero’s Ned Williamson and patched by Apple on May 13.
Source: https://www.bleepingcomputer.com/news/security/apple-to-fix-ios-bug-granting-full-access-to-3rd-party-keyboards/