Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs
Researchers from security firm FireEye have revealed a new bug in iOS that enables a malicious app to monitor and log a user's touch inputs and button uses while running in the background, reports Ars Technica. The exploit reportedly targets a flaw in iOS' multitasking capabilities to capture user inputs, and allows for them to be sent to a remote server.
To demonstrate the flaw, the researchers created a proof-of-concept monitoring app and developed approaches to "bypass" Apple's App Store Review process effectively. Once the app was installed on an iOS device, actions including keyboard inputs, use of the volume, home, and power buttons, screen touches with exact coordinates, and Touch ID events were all captured. The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.
FireEye also spoke about the flaw being identified in current versions of iOS:
Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.
The group added that it is actively working with Apple on the issue, although the company has yet to comment publicly. The news comes less than a week after Apple issued iOS 7.0.6 in response to a SSL vulnerability that allowed a hacker to capture or modify data from Safari in supposedly secure sessions.
The SSL security bug was also found to be present in OS X, as new research over the weekend revealed that additional apps such as FaceTime and iMessage could be compromised. Apple confirmed to Reuters that it will issue an OS X software update "very soon" to patch the bug.
Popular Stories
Apple plans to announce new products "this week," according to Bloomberg's Mark Gurman.
Apple's "Mac Your Calendars" teaser last October
In his Power On newsletter today, Gurman said the products set to be updated this week include the iPad Pro, Vision Pro, and "likely" the base 14-inch MacBook Pro, with all three likely to receive a spec bump with Apple's next-generation M5 chip.
Gurman...
Apple's software engineers are internally testing iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions.
iOS 26.0.2 will likely be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet.
The update will likely be released within the next few weeks.
Last month, Apple released iOS...
Buried in its announcement about "F1: The Movie" making its streaming debut on December 12, Apple has also announced that Apple TV+ is being rebranded as simply Apple TV.
A single line near the end of the press release states "Apple TV+ is now simply Apple TV, with a vibrant new identity," though Apple's website has yet to be updated with any changes, so we're unsure on the details of the...
While the iPhone 18 Pro and iPhone 18 Pro Max are still nearly a year away, a handful of new features and changes have already been rumored for the devices.
Below, we have recapped some of the early iPhone 18 Pro rumors so far.
Smaller Dynamic Island
The standard iPhone 18, iPhone 18 Pro, and iPhone 18 Pro Max will be equipped with a slightly smaller Dynamic Island, but the devices will...
After releasing AirPods Pro 3 last month, Apple is already working on the next AirPods Pro, according to Bloomberg's Mark Gurman.
It is unclear if the new AirPods Pro would be branded as AirPods Pro 4, or if they would be considered an updated version of AirPods Pro 3. Gurman did not take a position, opting to describe them as a "new version" of the "high-end in-ear buds."
AirPods Pro 2...
Apple marketing chief Greg Joswiak today teased the launch of an upcoming product, saying "something powerful is coming" on social media.
Subscribe to the MacRumors YouTube channel for more videos.
A short animation accompanying Joswiak's teaser reveals a brief glimpse of a MacBook Pro along with the words "coming soon." The shape of the MacBook Pro is a V, which is the Roman numeral...
Apple's second-generation smart glasses with an in-lens display may have two modes, depending on which device they are connected to.
Meta Ray-Bans without an in-lens display
In his Power On newsletter today, Bloomberg's Mark Gurman said he was told a future version of Apple's smart glasses may be able to run a full version of the visionOS operating system when they are paired with a Mac, and...
Update: the Naver account appears to be referencing a speculative post on X by Vadim Yuryev, dated October 6. The original article follows.
Apple will announce new products through a series of press releases beginning as soon as next week, according to a dubious claim posted on the Korean blog Naver.
The Naver blog account yeux1122, which aggregates rather than originates Apple...
Apple is going to launch a new version of the MacBook Pro as soon as tomorrow, so we thought we'd go over what to expect from Apple's upcoming Mac.
M5 Chip
The MacBook Pro will be one of the first new devices to use the next-generation M5 chip, which will replace the M4 chip.
The M5 is built on TSMC's more advanced 3-nanometer process, and it will bring speed and efficiency improvements. ...
