Are mobile users second-class citizens for patches?

Apple recently released a fix for several vulnerabilities with an update to iOS 7. But something about the way those updates were released isn’t sitting right with security-conscious users.

As security researcher Kristin Paget points out, the list of fixes looks nearly identical to the fixes Apple made to its desktop OS X … a full three weeks ago.

That’s not all that surprising. You’d expect the two OSs to have some similar architecture.

But armed with the knowledge that the two operating systems share many of the same vulnerabilities, what would stop a reasonably intelligent hacker from just trying out the vulnerabilities from OS X on the mobile version?

And with three weeks to play around with that, hackers have a big window of opportunity.

Mobile security is essential

There’s been a lot of fretting recently about iPad sales dipping below expectations. And while delayed security patches clearly aren’t a significant part of the reason why, this might be another sign that the age of every worker using a tablet instead of a laptop is not coming anytime soon.

More importantly, it’s a wake-up call that despite your best efforts to have a safe BYOD or mobile work program, your hands might be tied. Your security will rely at least in part on users’ operating systems – which may or may not be a security priority.

Some tips for mitigating risks:

  • Have users update OSs. Despite this incident, Apple is fairly good at getting its newest version out to its users quickly. Relatively few Android users are on the latest OS, which is troubling when you consider that Heartbleed seems to affect an older version more seriously. Whatever the OS, make sure users update as soon as a patch is released.
  • Insist on anti-malware. This could help mitigate some of the risks from a vulnerable operating system – though it’s by no means perfect.
  • Encourage users to be on the lookout. If they notice a mobile device they use for work is having new or strange issues, IT should be one of their first stops.


