Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs
Researchers from security firm FireEye have revealed a new bug in iOS that enables a malicious app to monitor and log a user's touch inputs and button uses while running in the background, reports Ars Technica. The exploit reportedly targets a flaw in iOS' multitasking capabilities to capture user inputs, and allows for them to be sent to a remote server.
To demonstrate the flaw, the researchers created a proof-of-concept monitoring app and developed approaches to "bypass" Apple's App Store Review process effectively. Once the app was installed on an iOS device, actions including keyboard inputs, use of the volume, home, and power buttons, screen touches with exact coordinates, and Touch ID events were all captured. The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.
FireEye also spoke about the flaw being identified in current versions of iOS:
Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.
The group added that it is actively working with Apple on the issue, although the company has yet to comment publicly. The news comes less than a week after Apple issued iOS 7.0.6 in response to a SSL vulnerability that allowed a hacker to capture or modify data from Safari in supposedly secure sessions.
The SSL security bug was also found to be present in OS X, as new research over the weekend revealed that additional apps such as FaceTime and iMessage could be compromised. Apple confirmed to Reuters that it will issue an OS X software update "very soon" to patch the bug.
Popular Stories
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed.
Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles."
If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself.
Here's the case for Apple releasing a truly all-screen iPhone with no...
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update.
Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September.
Below, we recap the key...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
Subscribe to the MacRumors YouTube channel for more videos.
Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup.
If you skipped the iPhone...
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Apple today released iOS 18.4.1 and iPadOS 18.4.1, minor updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.4.1 and iPadOS 18.4.1 come two weeks after the launch of iOS 18.4 and iPadOS 18.4.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.
There have been complaints about ...
Apple today released tvOS 18.4.1, a minor update to the tvOS 18 operating system that came out last September. tvOS 18.4.1 comes two weeks after Apple released tvOS 18.4, and it is available for the Apple TV 4K and Apple TV HD models.
tvOS 18.4.1 can be downloaded using the Settings app on the Apple TV. Open up Settings and go to System > Software Update to get the new software....
Apple has quite a few security features that it's added to iPhones, iPads, and Macs over the years. Now more than ever, it's important to make sure you're taking advantage of the built-in security tools that are available to keep yourself and your data safe, so we've rounded up a list of the most important options.
If you don't already have these enabled, you might want to consider turning...
