The research firm FireEye has discovered a security flaw within iOS7 that allows a malicious app to detect and track a user’s inputs while running in the background, without the user even realising. According to the research team, the flaw hides in the multitasking functionality of iOS and then transfers a user’s inputs to a remote server.

FireEye’s researchers developed a proof-of-concept monitoring app and installed it on an Apple device. It was able to record inputs such as keyboard strokes, the volume and power buttons and Touch ID authentication.


In order to fix the issue FireEye says the user needs to manually remove all open apps from the multitasking bar. The user would need to open the multitasking bar, by double clicking the home button, and then close each open app.

Appl has been working with the company to address this issue but so far has not officially confirmed the flaw. This comes at a bad time for Apple, as only last week it had to issue an urgent fix for another security flaw. Hopefully things will start to improve following the potential March release of iOS7.1.

[Image via tmonews]