It turns out iOS 8.4.1 is vastly more important than Apple let on. What we were told was just a major overhaul to the Music application on iPhone, iPad, and iPod touch, also included an important security patch.
The research team at FireEye Securities discovered a vulnerability in Apple’s iOS that would allow any application to continuously run in the background for any length of time. Normal applications are switched off automatically after running in the background for about 3 minutes. This helps protect the user’s security as well as preserve battery life.
FireEye’s original blog post goes on to explain background app run-time limitations.
This limitation not only helps ensure predictable responsiveness in user interaction, it also prevents any app from eavesdropping in the background. For example, a music app may have legitimate reason to ask permission to access GPS location and microphone while working on the foreground, but few users would want the app to run in the background to continually monitor GPS locations and recording audio. The control by iOS is supposed to prevent such abuse of permissions.”
The vulnerability, they call ins0mnia, would allow the operating system to believe a malicious app was in “debugging” mode, lengthening the amount of time it could run in the background, essentially collecting whichever data it wants from the user. Because this “security hole” was actually created with Apple’s own innocent intentions, any “legitimate” application found on the App Store could take advantage of ins0mnia, not just illegitimate apps found on Jailbroken iPhones.
The security vulnerability was fixed in iOS 8.4.1, and was sadly underreported. Apple did not make any mention of the fixed security flaw leaving most users unaware iOS 8.4.1 was a completely necessary update.
There is some good news, however. We are currently unaware of any applications that actually took advantage of the security flaw, so we can assume the issue was fixed before it was actually a problem.
Now that we know iOS 8.4.1 was much more than a Music application upgrade, we urge users to update to the newest software. It seems that Apple swept the issue under the rug, but you shouldn’t. If this is any indication of the future, make sure to update your iOS device as soon as possible.