Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden

Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden


Apple’s security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough to evade Apple’s security protections guarding the App Store from approving misbehaving apps. Researchers at FireEye today published a report on the vulnerability dubbed as “Ins0mnia”. The flaw bypasses restrictions imposed by Apple in iOS that limit how long an application is allowed to run in the background before it is automatically suspended. The restriction prevents eavesdropping. Users can take advantage of the iOS task switcher to shut off background apps if they so choose. Ins0mnia’s ability to bypass these limitations not only put user privacy at risk, but also could affect device performance. A malicious application could leverage the Ins0mnia vulnerability to run in the background and steal sensitive user information for an unlimited time without the user’s consent or knowledge and then be sent out to a remote server.
 
Source:
 
Threat Post
 
IT Security News
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis