updated 03:43 pm EST, Tue February 25, 2014
Even patched versions of iOS 6, 7 are exposed, firm says
A vulnerability in iOS could allow remote hackers to log every keyboard and button press a person makes, says security firm FireEye. The exploit is only theoretical -- and would require a compromised app to somehow make it through the App Store review process -- but is said to have been tested and could potentially expose both software and hardware interactions. This includes Touch ID unlocks, although not the actual fingerprint data involved.
The hole is present in even the latest versions of iOS 6 and 7. A now-deleted FireEye blog post claimed that the company actually passed a proof-of-concept app through the App Store, but that it's "collaborating with Apple" on the issue.
iOS appears to be exposed to the problem through the resources it offers to apps running in the background. If so, the main way of avoiding attacks until a patch is released is simply to avoid questionable apps, or if all else fails kill their processes using the iOS task switcher.