
Outdated iOS Devices a Threat to Enterprise Networks


Old, outdated iOS devices pose a significant risk to the network of any organization, and could easily put the business at risk of a data breach, a recent report from security firm Duo Security said.

Because older devices often run operating systems that contain vulnerabilities patched in newer releases, even a single compromised iOS device connected to a network could put it in danger, and enterprises should make sure they have full visibility into the types of devices their employees use.

According to Duo Labs, half of the iPhones in use today run iOS 8.3 or older, which means that they are not protected against a whopping 100 known vulnerabilities that have been patched in iOS 8.4 and 8.4.1. Two of these are Ins0mnia and Quicksand, which allowed apps to steal data and exposed enterprise credentials and sensitive configuration details in an unprotected iOS directory, respectively.

Furthermore, the security firm notes that 31 percent of all iPhones are still running iOS 8.2 or lower, which means that they don’t have patches for more than 160 vulnerabilities. Worse than that, 14 percent of all iPhones run under iOS 7 or below.

Duo Labs found that roughly twenty million iPhone users cannot receive security updates because they have old devices, some of them still using five-year-old hardware that is no longer supported by Apple, which leaves them exposed to a large number of already known vulnerabilities.

“Based on our estimates, around 20 million iPhones are running on hardware that can’t receive security updates. In some cases, there are iPhone 4 devices running 7.1.2, but there are even older devices running even older iOS versions. That’s a huge risk to enterprise environments,” the security firm notes.

At the moment, the iPhone 4s is the oldest platform that Apple still supports, and it is expected to receive support in iOS 9 as well. However, should the company stop offering support for it, around 60 million devices will no longer receive security updates.

While users can do nothing to improve the security of their devices, enterprises can set specific BYOD rules to prevent outdated devices from compromising their networks. This is important because many users are slow to install new software releases.


“When iOS 8.4.1 was released to patch over 70 vulnerabilities, including Ins0mnia and Quicksand, only 9 percent of users updated to the latest version. Again, user awareness here is key – the goal is to update as soon as updates are available on their device,” Duo Labs said.

Organizations can also educate users on the importance of keeping their devices updated, give them information on how to streamline the process, and help them find convenient times to update.

While this study focused on risks around iOS, the same situation can happen with any outdated mobile operating system, such as the popular Android platform.
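One way to turn the BYOD rule described above into an admission check, as an added example that is not code from Duo Labs or the report: it separates devices that merely need an update from devices whose hardware can never reach the patched release. The policy floor `MIN_IOS`, the `MAX_IOS_BY_MODEL` table, the `Device` record and the sample inventory are assumptions made for illustration.

```python
from typing import NamedTuple

MIN_IOS = (8, 4, 1)  # assumed policy floor: the patched release named in the article

# Assumed table: highest iOS release each model can install. The iPhone 4
# ceiling (7.1.2) is the case the article mentions; extend it for your fleet.
MAX_IOS_BY_MODEL = {"iPhone 4": (7, 1, 2)}

class Device(NamedTuple):  # hypothetical inventory record
    owner: str
    model: str
    ios: str

def parse_version(text):
    """Turn '8.4' into (8, 4, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(device, floor=MIN_IOS):
    """Return 'allow', 'update-required', 'unpatchable' or 'unknown'."""
    try:
        current = parse_version(device.ios)
    except ValueError:
        return "unknown"  # unparseable inventory data is never treated as compliant
    if current >= floor:
        return "allow"
    ceiling = MAX_IOS_BY_MODEL.get(device.model)
    if ceiling is not None and ceiling < floor:
        return "unpatchable"  # hardware cannot reach the floor; nagging the user won't help
    return "update-required"

# Constructed sample inventory (not data from the report). "8.10" is a made-up
# version that a plain string comparison would wrongly rank below "8.4.1".
INVENTORY = [
    Device("alice", "iPhone 6", "8.4.1"),
    Device("bob", "iPhone 5s", "8.3"),
    Device("carol", "iPhone 4", "7.1.2"),
    Device("dave", "iPhone 5", "8.10"),
    Device("erin", "iPhone 6", "n/a"),
]

def report(inventory=INVENTORY):
    return {d.owner: classify(d) for d in inventory}

if __name__ == "__main__":
    for owner, verdict in report().items():
        print(f"{owner:6} {verdict}")
```

Devices classified as `unpatchable` call for a different response (replacement or network segregation) than `update-required` ones, which only need the user to install the available release.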
