Apple(s aapl) just patched a serious SSL vulnerability flaw in iOS 7 last week, but that doesn’t appear to the end of its mobile security problems. Ars Technica pointed Tuesday to a blog post from security company FireEye that shows a new security flaw in iOS 7 that could allow certain apps to log your keystrokes as they run in the background.
Here are the details according to FireEye:
“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.
Note that the demo exploits the latest 7.0.4 version of iOS system…
View original post 238 more words