August 13, Apple released an update iOS 8.4.1 with the elimination of vulnerabilities, including a security breach that allowed to transmit location data and other personal information from your device, even if the task was stopped by the user. In addition, a mobile application that exploits this vulnerability could quietly get through the App Store.
Researchers from the company FireEye has published a report with a detailed description of vulnerability, which they called Ins0mnia. The vulnerability allows to bypass a limitation in iOS that limits the app runs in the background, before it is automatically disabled. This restriction exists to prevent accelerated battery discharge device.
The ability Ins0mnia to circumvent these limitations not only compromises the personal data of the owner of the iPhone and iPad, but also may affect his work, notes Securitylab.
Exploitation of the vulnerability allows a malicious app to run in the background and for an unlimited time to steal important information without the participation and knowledge, the experts said FireEye Alessandro Reina, Mattia Pagnozzi and Stefano Bianchi, Mazzone.
According to the researchers, the main task is to make the device from Apple to think that in the app are free of defects, and thus avoid the imposition of restrictions. Particularly alarming is the fact that malware exploit this loophole, can work on iPhone and iPad without jailbreak, said the experts.