Just a day after releasing a fix for authenticating SSL certificates, there's another security flaw found in iOS that's equally dangerous. It was recently found that iOS allows a malicious apps to keep a track on your keystrokes.
This flaw was found by a security firm called FirmEye. To prove that this flaw exists, the security firm uploaded a dummy app in Apple's app store. The dummy app was able to record touch and keystrokes when changing wallpaper, pressing buttons like home, volume up/down and TouchID buttons. The app then sent the records to a remote server. According to the security company, attackers can use these information for reconstructing every character that the victim uses to access any types of accounts.
It was also pointed out via FireEye's blog post that this exploit works even with the latest apple devices with iOS 7.0.4 non-jailbroken. It was also being found that the same vulnerability was in 6.1.x, 7.0.5 and 7.0.6 versions.
The fact should be noted by users that even though you shouldn't use any suspicious app, the app which records keystrokes and sends information to a remote server was downloaded from the app store. Also, as the security firm clearly said, attackers can mislead a victim to download and install such apps to track keystrokes.