Lookout iWork. Lookout Google Docs.
App Store’s Late HTTPS Fix Underscores Ongoing Mobility Vulnerability
Apple released a fix in the latest version of its iOS mobile operating system, well-known as system that powers the company’s iPhones and iPads. Used by almost every site that is serious about encrypted traffic for the transmission of authentication or payment information, Hypertext Transfer Protocol Secure (HTTPS), was only partially implemented in Apple’s App Store. A Google researcher has documented a variety of different attacks an attacker could use to take advantage of non-HTTPS protected App Store transactions, including password stealing, app swapping, fake app upgrades, app upgrade/installation prevention and installed app list leak. These App Store vulnerabilities and exploits have been possible since at least July 2012, when they were first reported. While Apple has since patched the issue, the lack of HTTPS usage is largely unprecedented and the company’s delay in incorporating it is equally shocking.
While 46% of companies use mobile devices management (MDM) today, and more than 80% expect to have deployed a solution by the end of 2014, issues such as these demonstrate that MDM alone is not enough to secure iOS or Android devices.
ETA Bottom Line:
Mobile OS’ continue to show vulnerabilities and oversights in security that requires manufacturer intervention to fix. To truly safeguard mobile devices and the infrastructure they use, companies should evaluate network-based MDM (NMDM) and app control solutions.
- Big Data, Analytics and Virtualization
- Contact Center and Customer Engagement
- Cloud Delivery
- Cost Models and Total Cost of Ownership
- Enterprise Trusted Advisor
- IT Innovation, Transformation, and Enterprise Technology
- Mobile and Network Services
- Security & Compliance
- Unified Communications and Collaboration
Have you ever launched an app and watch the battery meter drop before your eyes or feel your smartphone go nuclear?
Contact center vendors have made some big announcements in the past couple of weeks, including more emphasis on the cloud and creating a unified portfolio that tightly integrates