Vuln allows deathless malware to continue spying even after shut down.
By: 27 Aug 2015 at 08:29, John LeydenA newly discovered vulnerability allows an iOS application to continue to run for an unlimited amount of time, even if an application gets terminated by a user.
The flaw – dubbed Ins0mnia – potentially allows any iOS application to bypass Apple background restrictions, security researchers at FireEye warn.
FireEye notified Apple soon after discovering Ins0mnia. In response, Apple's security team confirmed this vulnerability was fixed in iOS 8.4.1. Users running older versions of iOS would be well advised to update their devices.
Sleepless
Normally an iOS application can only run in the background for a limited time (typically three minutes) before the application is suspended by Apple's operating system. Ins0mnia skirts this restriction.Apps that might use the feature to keep on running would not be visible in Task Switcher. Shutting down such an iOS app using the Task Switcher dashboard would not stop it from running either.
The attack involves fooling an iThing into believing that an iOS application was being debugged, preventing the system from suspending the application when the permitted background duration expired.
FireEye has put together a demo video showing a malicious iOS application that the user believes they've terminated, but which keeps running without the user’s knowledge. The proof of concept nasty sends victim location updates to an attacker.
full article