Apple's iOS platform is facing more security woes after researchers found a flaw that could let apps grab touchscreen impressions, even on non-jailbroken devices.
Security firm FireEye reported the findings in a blog post earlier this week, and demonstrated a proof-of-concept app that can measure touch interactions, including those on the Touch ID fingerprint scanner, which led to key-logging concerns.
"FireEye mobile security researchers have discovered [a] vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 successfully. We have been collaborating with Apple on this issue," it said in a blog post.
"We have created a proof-of-concept 'monitoring' app on non-jailbroken iOS 7.0.x devices. This 'monitoring' app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and Touch ID press, and then this app can send all user events to any remote server."
Malicious users could exploit the flaw – which the researchers said is present in iOS versions 7.0.4, 7.0.5, 7.0.6 and 6.1.x – by phishing a victim into loading a blighted or malicious app, after which they would be able to begin background monitoring.
V3 contacted Apple for comment on the flaw but had received no reply at the time of publication. Until a fix is released, FireEye advised to keep an eye on what apps you use and which ones you allow to continue running in the background.
"iOS 7 users can press the home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running in the background," advised FireEye.
The warning comes soon after Apple was forced to issue a quick fix for iOS after it realised that a coding error on the platform meant Secure Sockets Layer (SSL) technology was effectively redundant on devices.
Apple was slower to release a fix for this on its Mac OS X platform, although this did eventually arrive on Tuesday evening.
NatWest outage comes a day after Barclays' IT systems shut out customers and staff
The ICO is concerned with AggregateIQ's retention and processing of data used in the Brexit referendum
Map selection, quick menus for grenades and healing items and automatic reload coming in PUBG update #22
Could be used for everything from search-and-rescue robots to wearable tech