Outdated iOS Devices a Threat to Enterprise Networks

Old, outdated iOS devices pose a significant risk to the network of any organization, and could easily put the business at risk of a data breach, a recent report from security firm Duo Security said.

Due to the fact that older devices often run operating systems that contain vulnerabilities patched in newer releases, even a single compromised iOS device connected to a network could put it in danger, and enterprises should make sure they have full visibility into the types of devices their employees use.

According to Duo Labs, half of the iPhones in use today run iOS 8.3 or older, which means that they are not protected against a whopping 100 known vulnerabilities that have been patched in iOS 8.4 and 8.4.1. Two of these are Ins0mnia and Quicksand, which allowed apps to steal data and exposed enterprise credentials and sensitive configuration details in an unprotected iOS directory, respectively.

Furthermore, the security firm notes that 31 percent of all iPhones are still running iOS 8.2 or lower, which means that they don’t have patches for more than 160 vulnerabilities. Worse than that, 14 percent of all iPhones run under iOS 7 or below.

Duo Labs found that roughly twenty million iPhone users cannot receive security updates because they have old devices, some of them still using five-year-old hardware that is no longer supported by Apple, which leaves them exposed to a large number of already known vulnerabilities.

“Based on our estimates, around 20 million iPhones are running on hardware that can’t receive security updates. In some cases, there are iPhone 4 devices running 7.1.2, but there are even older devices running even older iOS versions. That’s a huge risk to enterprise environments,” the security firm notes.

At the moment, iPhone 4s is the oldest platform that Apple still supports and which is expected to receive support in iOS 9 as well. However, should the company stop offering support for this version, around 60 million devices will no longer receive security updates.

While users can do nothing to improve the security of their devices, enterprises can set specific BYOD rules to prevent outdated devices from compromising their networks. This is important because many users are slow to install new software releases.

“When iOS 8.4.1 was released to patch over 70 vulnerabilities, including Ins0mnia and Quicksand, only 9 percent of users updated to the latest version. Again, user awareness here is key – the goal is to update as soon as updates are available on their device,” Duo Labs said.

Organizations can also educate users on the importance of keeping their devices updated, provide them with information on how to streamline the process, and help them find convenient times to update.

While this study focused on risks around iOS, the same situation can happen with any outdated mobile operating system, such as the popular Android platform.
