Number: IRCNE2015082611
Date: 2015/08/28
According to “zdnet”, a security flaw which permitted malicious applications to run in the background of iOS devices for an unlimited amount of time has been patched by Apple.
The vulnerability, dubbed Ins0mnia by FireEye researchers, allowed iOS applications to continue to run in the background of an Apple device even when the process was terminated by the user and no longer visible in the task switcher -- bypassing Apple background restrictions and timeout protocols.
However, the Ins0mnia vulnerability allows applications to bypass these Apple-imposed controls. The exploit fools the device into believing the system is being debugged, and therefore the system suspends any timeout features relating to the malicious app.
The malicious app could then run in the background and steal user data for an unlimited amount of time, and could also be used to hamper device performance and battery life.
Apple has been informed of the vulnerability and patched the problem in iOS version 8.4.1, released earlier this month.
- 18