Skip to main content

An Update on Mobile OS Updates

April 02, 2014

When should I update my mobile device?

Many of the customers I meet with most often ask for a recommendation or guidelines on the application of mobile OS updates (Android, iOS, etc.). For corporate customers, this can be difficult as there is no way to leverage device management technology to centrally manage or control the distribution or application of OS updates. Consumers, on the other hand, have a different challenge with understanding the technical reasons and knowing when to patch their devices to protect against known security flaws and exploits.

News about an SSL vulnerability has made the rounds recently. A new exploit, which affects users of iOS 6.1.x, 7.0.4-7.0.6, allows the attacker to capture screen touches, home button presses and TouchID presses using a “monitoring” app.

As you can imagine, this presents a very serious and critical security flaw that has the potential to put your personal and corporate - for those using your device to connect to corporate resources- information at risk. It is important to note the scenario described above is very specific and was conducted in a controlled environment. I used the exploit above, which is a Proof of Concept, to illustrate what is possible and the associated risks faced when a device is exploited.

So, when should you update your device? Let’s face it. The reality is most of us, corporate and consumer users alike see an update notification come in, and we simply hit the button to download and install without fully understanding the ramifications. We place our trust blindly in the device maker to ensure the update package contains only good things to protect our information and keep our trusty sidekicks running smoothly. That sounds like a good idea, right? Unfortunately, the device makers’ track record is far less than perfect. I am sure we all know someone or have heard stories about someone who has lost their data or had to restore their device to factory defaults as a result of a failed update.

The good news is there are a couple of things you can do to determine if and when you should apply an update. Apple includes a link, just beneath the update button, to a webpage that will provide details on the update. Android users, due to the sheer amount of devices and OS versions available, will have to wait patiently as the carriers (i.e. Verizon, AT&T, Sprint, etc.) administrate and distribute the updates. Additionally, there are third party websites as well as a team of Mobile Security experts at FishNet Security that can provide first-hand reviews of the updates for all platforms. These reviews will often be accompanied with an impact analysis that will assist in determining whether or not you should apply the patch.

What should you do going forward? As you can probably guess, there really isn’t a “silver bullet” type of response to be offered. Each update needs to be evaluated to determine if it will have a positive impact. Some updates will repair minor flaws and/or offer minor feature enhancements that you may or may not care about. Conversely, some updates will be major in scope and patch security holes and/or repair critical functions that you should apply immediately. Educating yourself on the differences will go a long way in determining the impact provided by the device maker.

It is recommended as best practice to:

  • Backup your mobile device(s) on a regular basis.
  • Prior to an OS upgrade, update your apps.
  • Research issues by leveraging resources that have a mobility focus.
  • Educate yourself before a decision is made on applying an update.

Related Blogs

November 05, 2015

Always Use Protection

The pace at which security exploits are being discovered on mobile operating systems is skyrocketing. They’re also having a major impact on device sec...

See Details

August 11, 2015

Pull My Finger...print

It appears yet another Android vulnerability has been identified that is worthy of mention. As you may know, a few days ago at the Black Hat conferenc...

See Details

May 05, 2011

Mobile Security Universal Issues | Optiv

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security.  A lot of these conver...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

May 05, 2011

Mobile Security Universal Issues | Optiv

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security.  A lot of these conver...

See Details

July 15, 2014

Application Security by Obscurity | Optiv

“Security by obscurity” is a pejorative term to most in the security industry and with good reason. Typically, it’s just a matter of time before light...

See Details

May 17, 2017

Identity and Access Management Strategy Workshop

Learn how Optiv can help you align Identity and Access Management initiatives with business goals and best practices.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.