Do you think your Apple products are secure? The myth that our Macs and iOS devices are "not a target" as compared to Windows and Android devices is just that... a myth. While recent reports suggest that Android devices are far more vulnerable, there is a growing number of iOS (basically, your iPhone) flaws being discovered. The implications are disturbing.
ZDNet reports that researchers from security firm SourceDNA have discovered a flaw which impacts Secure Sockets Layer (SSL) code in older versions of a networking library called AFNetworking that developers use when building iOS apps. The latest version of AFNetworking, 2.5.3, fixes a weakness in the library's domain name validation process. SourceDNA, the security firm that discovered the recurrent flaw, has said that at least 25,000 apps are still running an outdated version.
What it means to us:
- Our iPhones are vulnerable to compromise while we sit in the local cafe using our apps (i.e. Citrix OpenVoice Audio Conferencing, the Alibaba.com mobile app, Movies by Flixster with Rotten Tomatoes, KYBankAgent 3.0, and Revo Restaurant Point of Sale to name a few).
- Hackers can use this vulnerability to take control of our devices and then gain entry into networks to which we connect (i.e. our company's network!)
IANS blog reports that the implications are potentially severe for companies that allow employees to bring their own devices (BYOD) and connect them to corporate networks.
Does your company have a BYOD policy? Do vulnerabilities such as the one linked above get fixed as part of the BYOD policy, or is it up to the employee to keep their devices secure on behalf of the company? Do Mobile Device Management (MDM) systems keep pace well enough to make BYOD viable?
Comment back... I'd love to know where your awareness and policies stand on this issue.
Post A Comment:
0 comments: