Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
15th May 2020
As many of you will know I have been banging on about mobile threats for years now and more so about the general perception that iOS is secure… probably most notably recently when I spoke about the Jeff Bezos hack.
At the time of the Bezos hack, we really did wonder if this was the moment when MTD became a necessity as part of an organisation’s security solutions…
And then this thing called COVID-19 came along and the IT world (quite rightly) looked elsewhere – keeping the lights on in a remote working situation took precedence.
As is always the case though, the problem hasn’t gone away. In fact, recent weeks haven’t been particularly good for iOS, with several high-profile exploits being exposed – perhaps most notably with the email client being susceptible to attack from a single email that can crash the email client and exfiltrate data.
A New Low?
But the news this week that Zerodium, a “software exploit broker” (hint – buys Zero-day exploits) is no longer paying out for iOS bugs due to oversupply, is perhaps a new nadir for iOS 13. In other words – they have more than enough exploits for the time being thanks… no need to buy any more.
iOS 13 – it really has been unlucky 13 for Apple. I’ve spoken before about it being the buggiest release that I think Apple has put out, but this news perhaps underlines that it has potentially also become an easier target as well.
Well – number 1 please do keep patching your iOS. I’ve heard of organisations holding back on iOS release because of the bug concerns, but as is always the case, an iOS update is a mix of features and security patches… and as the above shows, your best bet of staying ahead of attackers is to make sure you’re running the version with the least known exploits.
But again, as the Bezos hack showed, you really need something to give you visibility of what’s happening on your endpoints. You can’t act if you’re blind to the issue! iOS remains a well-built Operating System, but the idea that it is immune to attack should now be laid to rest.
Get in touch – you really need to have a Mobile Threat Defence solution in place now!