Uh oh, not another iOS security flaw. It seems as soon as Apple has squashed the last one a new research firm steps up to offer their own freshly discovered bug or hack that could send iPhone users into a tizzy. The latest is highlighted by FireEye and allows for the possibility that an app could log touch input and other actions even when running in the background.
Now, the reading of input events is standard for an app in the foreground. It’s how the app knows when a user is interacting with it, translating those interactions into a flapping bird or grocery list or whatever the app’s purpose serves. But when an app is not front and center — when it is no the app a user intends to use — it has no business prying into what sort of input is being fed into another.
FireEye has found that a hole in iOS 7’s security makes this possible, and they have even snuck a proof-of-concept app into the App Store to test Apple’s response. The firm has once been in contact with Apple to key them in to exactly what is going on. This means we might expect yet another bug-fixer update in the near future, much like we saw last week in the form of iOS 7.0.6. That update in particular addressed a nasty SSL bug that allowed hackers to siphon data off of users connected to public WiFi networks.
For now, the best way of dealing with this potential issue is simply to close background apps via the multitasking menu (double-tap the Home button). And if you still haven’t, updating to the latest version of iOS is highly recommended.
[via FireEye]
Continue reading:
- Everything New Apple Just Announced (Septembe
- Apple Watch Pre-Order
- Apple Research Kit launches with 5 Apps
- Apple TV now only $69
TAGS:
