It’s been only days since Apple fixed the wide spread iOS security flaw that made headlines, and now another issue has surfaced. A network security company has spotted another hole that is allowing malicious software to watch your every move.
Security firm FireEye spotted the issue and was able to get a dummy app onto the App Store to prove it, a technique many security groups use as proof of concept. The particular security flaw at hand, which is present on the newest version of iOS, allows for apps to track your keystrokes made possible by iOS 7’s multitasking features. The process will track your moves while running as a background process, potentially without the users knowledge.
FireEye explained its proof of concept app further saying this “monitoring app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server,” the company explained. It goes on to say that it was able to exploit this vulnerability on iOS 7.0.4 as well as iOS 7.0.5, 7.0.6 and 6.1.x.
Fortunately from the sounds of it, this security flaw can only be exploited when you download something you shouldn’t. While we are waiting for Apple to patch things up, reports say that even if something does hit your system in this way, it can be easily rectified by paying close attention to your background processes and then ditching anything shady.