Security researchers are FireEye discovered a new vulnerability “Ins0mnia” in iOS which allows malicious applications to run in the background of iOS devices forever. It keeps on running even if the process was terminated and no longer visible in the task switcher. FireEye reported this vulnerability to Apple and company published it in iOS 8.4.1 update. If you are iOS user running older iOS version, you must update it now.
This flaw allows an application to bypass Apple background restrictions and run forever in the device. When an application is downloaded in iOS device, it has a set time imposed by iOS on the app. This time is for suspending the app when it is not in use. In this way, no app can eavesdrop in background and app cannot abuse the permission granted by user. Users can also manually close the app from iOS task switcher.
But ins0mnia vulnerability allows app to bypass this time restriction and run in background forever. I you shutdown the app from task switcher, it will still run in background. In this way, any malicious app can steal the data of a device or spy a device to send data to attacker.
Apple fixed this vulnerability in iOS 8.4.1 update. If you are still running older version of iOS, it is recommended to upgrade as soon as possible.
You can read about this vulnerability in detail on FireEye Blog.
This video demonstrates how an app keeps on running even if user terminated from task switcher.
