Noticed the recent string of iOS updates? Here’s what you need to know and do!
Last year apparently iPhone users spent an average of around 4 hours a day on their phone. ; every day they process, manage, transmit and store our personal data, memories, information on our entertainment and social preferences, our personal, professional and community engagements, our consumption and spending habits and may even control smart homes.
With so much at stake, it’s crucial to stay informed about potential vulnerabilities and take action to protect your device. Recently we’ve seen a number of alerts released by Apple informing iOS and macOS users of a series of zero day vulnerabilities. Let’s take a look at what this means, why now, and the importance of regularly updating your iPhone’s operating system software.
Understanding iOS Vulnerabilities
Every piece of software, including the iOS operating system that powers your iPhone, has vulnerabilities that can be exploited by malicious actors. These vulnerabilities can range from minor glitches to critical security flaws. Hackers and cybercriminals actively seek out these weaknesses to compromise your device and get access to your personal or company data to on-sell, use for other targeted attacks or gather credentials they can use to attempt access to other systems you have access to.
It’s crucial to stay vigilant and address these vulnerabilities promptly to prevent potential financial loss, identify theft, or data breaches. This is precisely what the Australian Cyber Security Centre lists Patch operating systems as one of the Essential Eight Strategies to Mitigate Cyber Incidents.
Apple regularly releases software updates for iOS, iPad OS and macOS to enhance performance, introduce new features, and most importantly, patch security vulnerabilities. Not every major update will relate to a critical security issue and many updates relate to new feature releases and bug fixes. But from time to time technology vendors and manufacturers will release out-of-cycle emergency patches or updates, usually in response to newly detected or exploited vulnerabilities.
Whilst you might be tempted to delay updating because you want more time to learn about the new features or you’re are worried about battery or storage capacity, updates that patch or mitigate emergency or critical security issues should be prioritised and actioned as soon as possible.
What is a Zero-Day Vulnerability?
This year, there has been a spike again in zero-day vulnerability patches released. A zero-day vulnerability, often referred to simply as a “zero-day,” is a type of software vulnerability or security flaw that is not publicly known or disclosed to the software vendor or the public. This term “zero-day” comes from the fact that the software vendor has literally zero days to fix the issue or release a patch before malicious actors can potentially exploit it, making them an extremely high-risk and dangerous.
Over September / October Apple has released at least two zero-day vulnerability updates, taking Apples zero-date update total to 17 so far this year!
Why are there so many updates? Does this mean Apple devices are more vulnerable?
This year’s frequency of security updates aimed at Apple devices has caused some alarm amongst advocates and customers, but security experts are quick to assure this is not a sign that hackers are singling out Apple devices. Many zero-day exploits target the open source code used by many different vendors, including Apple, Microsoft and Google, and all of these vendors have faced similar challenges this year.
A more salient contributing factor to the recent spike in zero-day attacks, is that typically zero days are the domain of organised threat actor groups or nation state actors. The tactics executed by these types of groups are modern-day cyber warfare tactics, and have been increasingly prevalent since the start of the Russia-Ukraine and other conflicts. So it follows, as more regional conflicts arise, so too will zero-day-style attacks and their spill-over effects to other regions, businesses and individuals alike.
Don’t telcos or IT providers manage the updates?
Typically – no, but in some cases – it depends…
Hands-on support for personal mobile devices, even if they hold your work-related data as well, is generally not covered by IT Support or Managed Service Providers, unless those devices are company-owned devices AND have mobile device management software installed and centrally managed.
For organisations or company phone users, this is something worth checking, because unless company mobile devices are specifically included and explicitly listed as supported or managed under your company’s Managed Services Agreement, then any assistance deploying, monitoring or managing personal device updates will likely incur additional costs, or perhaps not even be possible at all.
Also it’s important to note that your telco is unlikely to be doing the heavy lifting for you either – once you buy your device and set-up your plan, all things security are generally your responsibility!
How to update your Apple device and keep it up to date!
Not sure if you’re on the latest version? Here’s how to find out what the latest version is, and where to go for guidance on how to update your iOS.
- Keep a regular eye on Apple security releases and the latest iOS versions – The are published Here
- Have auto-updates turned on – Find out how here.
- Manually install updates when advised – Find out how here.
Remember too that for personal devices of any kind, the key is to ensure that you understand and follow essential cyber security recommendations, including having MFA turned on wherever possible, keeping the apps you have installed up to date, and ensuring back-ups are turned on and functioning.
The Australian Cyber Security Centre has a wonderful series of guides to take you through how to protect yourself and your devices. Head on over to: www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-security-guides
Ready to update your iPhone iOS now?
Manually updating your iPhone is a straightforward process:
- Go to “Settings” on your device.
- Scroll down and tap “General.”
- Select “Software Update.”
- If an update is available, tap “Download and Install.”
- Follow the on-screen instructions to complete the installation.
Always ensure your device is connected to Wi-Fi and has sufficient battery life (or is plugged in) before starting the update.
Get in touch today to explore Mobile Device Management and Managed IT Security Service options to assist your organisation to keep your devices visible, managed and secure.
