A new flaw in iOS 7 has been found on the heels of Apple's recent encryption issue. This new flaw could be used to log everything a user does on their phone. The flaw was discovered by FireEye, a security firm, who is now working with Apple to fix the issue.
FireEye has stated that this was possible by making an app that recorded any and all keystrokes used on an iOS 7 device. The app would then send all recorded keystrokes to a remote server. Any app using this malicious code could run in the background without the user being aware. The readout of the screen presses could then be used to reconstruct what the user was accessing making it possible to obtain passwords, bank information, or anything else input into the phone by the user.
Until Apple releases a patch for the vulnerability, the only way to prevent attacks is to open the iOS task manager and stop questionable apps from running in the background. Users can open the task manager by pressing the home button twice. You can read more about the issue on ArsTechnica.
Labels: GoTrusted Secure Tunnel, identity protection, iOS 7, iOS bug, iOS flaw, iOs security, malware, Phone hacking, Phone Security