Apple’s security update of Aug. 13 included a patch for an iOS vulnerability that could be used to beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough to evade the security protections Apple uses to keep misbehaving apps out of the App Store.

Researchers at FireEye today published a report on the vulnerability, dubbed “Ins0mnia”. The flaw bypasses restrictions imposed by Apple in iOS that limit how long an application is allowed to run in the background before it is automatically suspended. The restriction prevents eavesdropping. Users can take advantage of the iOS task switcher to shut off background apps if they so choose. Ins0mnia’s ability to bypass these limitations not only put user privacy at risk but could also affect device performance. A malicious application could leverage the Ins0mnia vulnerability to run in the background and steal sensitive user information for an unlimited time without the user’s consent or knowledge, and then send that information to a remote server.
IT Security News
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street