FireEye explains that they have developed a "monitoring app", which takes advantage of both the multitasking and the "background app refresh" features of iOS. Once started, the app disguises itself as, say, a music app. This prevents the system from suspending the malicious software, which collects all user events and sends them to a remote server.
Fortunately, users can thwart any event monitoring by opening the iOS task manager and manually closing any suspicious apps that are running on their device. FireEye also claims that it's cooperating with Apple on the issue.
Hopefully, a fix for the security breach will be implemented into the upcoming version 7.1 of the iOS mobile platform.