iOS Vulnerability Allows Malicious Apps to Monitor User Touch Inputs
A new iOS bug has been recently found that allows malicious apps to monitor and log user’s touch inputs and button pressings. Such apps are capable of running in background and sending sensitive data to remote servers. That is why you should carefully choose, which apps to install and which not.
Here’s what the FireEye security researchers write about the bug (via
Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.
Researchers claim that the company from Cupertino is aware of the problem and is already working on a fix. However, Apple has neither confirmed, nor denied such claims.