It’s Been The Week For iOS7 Flaws As A Keylogging Flaw Is Discovered

|
,

iPhone5s
photo courtesy of uk.msn.com

Security company FireEye is reporting a new keylogging flaw inside iOS7 that would allow an app to record what you’re typing and send that data to the server of its choice. Both Gigaom and Ars Technica are reporting this via FireEye’s blog. This has been a serious past few days for Apple, iOS and OSX. First there was the SSL security flaw found in iOS7 and OSX, read more here. Apple managed to push out a fix very fast for the iOS7 SSL flaw but their OSX platform still remains unpatched. Now FireEye is just compounding the bad news for the company and they’re likely scrambling to get it researched and patched. It is important to note that this flaw only applies to apps that run the monitoring code to use the flaw. Here’s what FireEye had to say.

“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.”

Generally Apple’s security is top notch but there is obviously someone possibly sleeping at the wheel this week (tongue in cheek). For the most part Apple has done well in responding to these types of issues and we’re sure they will do the same for this. Although we are still anxiously waiting the fix for the SSL flaw in OSX, the company hasn’t given any timeline as to when that will happen.

Sources: Gigaom, Ars Technica and FireEye

Enhanced by Zemanta

Last Updated on January 23, 2017.

Previous

Stephen Elop Takes The Reigns Of Microsoft’s Devices and Studios Division

Apple Releases Mavericks 10.9.2 OSX Update With SSL Fix

Next

Latest Articles

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap