It seems Apple's security woes won't be ending any time soon: within days of the earlier report, security researchers have exposed yet another vulnerability in its operating system.
Security firm FireEye has published a detailed report on an unpatched vulnerability in iOS 7 which could allow hackers to monitor users' activities on the mobile device using a background monitoring app. By bypassing Apple's app review process, the exploit can be invoked on non-jailbroken iOS 7 devices using a malicious app such as a keylogger.
A proof-of-concept app was created by FireEye, and was successfully used to demonstrate background monitoring and reporting of all screen touches, home button presses, volume button presses and TouchID presses. The app was demonstrated on iOS 7.0.4 but the firm mentions that the vulnerability exists on iOS versions 7.0.5, 7.0.6 and 6.1.x as well.
iOS 7 uses "Background App Refresh" to close idle apps; however, this setting can be bypassed by apps such as the music player, and malicious apps can implement the same bypass to carry out monitoring. Apple and FireEye are working on getting a fix ready for the exploit, but in the meantime, users are advised to use the iOS task manager to close apps and prevent background monitoring by rogue apps.
Source: FireEye