If your company issues iPhones and iPads to users — or if they use their own as part of a BYOD program — make sure they’ve installed an important iOS update. The update to iOS 6.1 adds some key new features and fixes a few security vulnerabilities.
Most important for IT are the security fixes.
While more attention has been paid to Android security because of the rapidly increasing number of attacks being leveled against that platform, Apple’s mobile devices aren’t completely immune from security threats.
The iOS 6.1 fixes several vulnerabilities that could allow attackers to bypass certain security controls and potentially compromise a user’s device, according to Apple’s description of the iOS security patches.
The vulnerabilities include:
- An error in Identity Services that could allow hackers to get around security restrictions
- A flaw in the iOS kernel, which could allow attackers to access to the first page of kernel memory
- A StoreKit error that could allow Java to be turned back on automatically without notifying the user after it had previously been disabled, and
- Several unspecified vulnerabilities in WebKit, which could be exploited to corrupt memory or conduct
- cross-site scripting attacks.
Currently, iPhones (the 3GS version and later), iPads (iPad 2 and later), and iPod touches (4th generation and later) are vulnerable to those issues, and owners should apply the iOS update as soon as possible.
In addition to those security fixes, iOS 6.1 also adds several new features, including, for the iPhone 5, 4th-generation iPads and the iPad Mini, 4G LTE compatibility from dozens of new carriers.
Apple also introduced the ability to reset iOS’s Advertising Identifier, a tool advertisers use to identify and track devices and deliver targeted ads. By navigating to Settings>General>About>Advertising>Reset Advertising Identifier, users will be able to clear all data that was previously collected from their device.
To make sure the key iOS update is installed, IT can advise users to navigate to Settings>General>Software Update, and touch Download and Install.