ID: IRCNE2014022116
Date: 2013-02-26
According to "zdnet", researchers claim to have discovered another vulnerability which could allow hackers to log your keystrokes before sending such data to a remote server.
First spotted by Ars Technica, the security team at FireEye have developed a proof-of-concept application which could, in theory, run in the background of your mobile device and log your keystrokes without your knowledge.
In a blog post, the researchers say that this background monitoring can take place on both jailbroken and non-jailbroken devices running iOS 7.
FireEye says that this type of "flaw" could be used by potential attackers in order to break in to user accounts and spy on them, by duping them in to downloading a malicious application, conducting a phishing campaign, or by exploiting another remote vulnerability of an application.
Furthermore, FireEye states that disabling iOS7's "background app refresh" feature will not block the vulnerability as it can still be bypassed.
The latest scrutiny of Apple security comes as the tech giant quickly released a patch last Friday for an overlooked SSL encryption flaw which left iPhone, iPad and Mac devices open to man-in-the-middle (MITM) attacks.
Related Links:
Apple promises to fix OS X encryption flaw 'very soon'
Apple security update fixes iOS vulnerability
- 2