
Apple security update - 5 lessons for the hybrid workforce

It’s easy to understand why most of us might not have immediately dropped everything to update our iPhones, iPads, and Macs after Apple recently confirmed that researchers had helped uncover a serious vulnerability in the operating systems that power its devices.

NEVER-ENDING WARNINGS

After all, hardly a day goes by that we’re not receiving yet another warning that our favorite Windows PC, Android phone, Ring smart doorbell, or Roomba smart vacuum cleaner needs a software update to patch a weakness that seemingly came out of nowhere. We’ve become almost numb to the never-ending threat landscape, to the sky-is-falling warnings that it’s time, yet again, to batten down the hatches.

At the same time, it's just as easy to understand why we can’t afford to ignore the warnings. And why it’s long past due for employers and employees alike to change their behaviors when it comes to updating their software. As software developers, this is an issue that hits particularly close to home for us and our clients – and we need to rethink how we manage cases like this.

 

THE NEW NORMAL

Despite the headlines this time out, these kinds of events happen on an almost daily basis, and they tend to play out in a consistent manner:

  • First, a researcher or some other member of the broader community finds a weakness.
  • Said researcher then lets the vendor know.
  • The vendor assigns developers to build, test, and distribute an update.
  • End-users must ensure it gets downloaded and installed.

In this specific case, anyone using a modern and currently supported Apple device needs to update to the following OS versions:

  • iOS 15.6.1 or higher
  • iPadOS 15.6.1 or higher
  • macOS Monterey 12.5.1 or higher

In fairness to Apple, Microsoft, Google, and every other tech vendor, operating system software is incredibly complex, and vulnerabilities can lurk quietly amid the millions of lines of code, often for years on end. So there is no way any company – even one as powerful and resource-rich as Apple – can realistically or feasibly know up-front about every particular vulnerability, or every manner in which a vulnerability can be exploited. That explains why operating systems ship with hidden flaws buried deep within them, and why those flaws tend to get discovered over time.

Even so, while this happens somewhat regularly, this particular case is especially worrisome – which largely explains why it received so much play in mainstream media.

Apple’s warning focused on two vulnerabilities - one in the kernel, the very core of the operating system, and the other in WebKit, which powers the browser - that could potentially allow an attacker to gain administrator-level access to a target device. This would allow them to take full control of the device, install any kind of malware or spyware that they wish, and harvest all data, contacts, authentication, you name it, all without the target user's knowledge.

It means anyone who takes advantage of these weaknesses would essentially have the keys to the kingdom, and not applying the fix immediately would be the technological equivalent of leaving the front door of your house wide open as an invitation to criminals.

This particular event serves as a reminder that most of us are not taking security as seriously as we need to. Whatever role we play, from knowledge worker right up to CEO, we must sharpen our individual responses. From an organizational perspective, these are the priority areas that business and IT leaders need to focus on, particularly as hybrid and remote work styles become more entrenched:

  1. Train end users better by incorporating software update best practices into existing courseware and documentation.
  2. Implement change management to keep better track of in-use hardware both in the office and remotely.
  3. Include non-corporate hardware because personal devices running outdated code put corporate resources at risk.
  4. Involve HR to ensure the right messaging around software updates is being included in ongoing employee communications, and the right behaviors are being encouraged and rewarded.
  5. Get employee feedback around what works for them, what doesn’t, and how they would improve end-user security. 

The immediate priority for all organizations supporting hybrid workers is to pay attention to these particular warnings from Apple, and ensure no device is left untouched. It certainly won’t hurt to apply updates immediately to all end-user devices regardless of vendor, as well.
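To make "no device is left untouched" checkable, the following added example (not code from Apple or STEP Software) audits a device inventory against the minimum versions listed earlier in this article. The inventory layout, device names and status labels are constructed for illustration; the `unverified` status reflects the assumption that a device with no readable version should be followed up rather than counted as patched.

```python
import csv
import io

# Minimum patched versions as listed in this article.
MINIMUM = {
    "ios": (15, 6, 1),
    "ipados": (15, 6, 1),
    "macos": (12, 5, 1),
}

# Constructed sample inventory (hypothetical devices): corporate and personal hardware.
SAMPLE_INVENTORY = """device,owner,platform,os_version
iphone-ava,corporate,iOS,15.6.1
ipad-ben,personal,iPadOS,15.6
mbp-cho,corporate,macOS,12.5
mbp-dev,corporate,macOS,13.0
iphone-eli,personal,iOS,16
mini-fay,corporate,macOS,unknown
pixel-gus,personal,Android,13
"""

def parse_version(text):
    """Turn '15.6' into (15, 6, 0); return None if it is not a dotted number."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(platform, os_version):
    """Return 'ok', 'update', 'unverified' or 'out-of-scope' for one device."""
    minimum = MINIMUM.get(platform.strip().lower())
    if minimum is None:
        return "out-of-scope"   # not covered by this Apple advisory
    version = parse_version(os_version)
    if version is None:
        return "unverified"     # missing data is not the same as patched
    return "ok" if version >= minimum else "update"

def audit(inventory_csv):
    """Map each device name to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:12} {status}")
```

Comparing versions as numeric tuples rather than strings matters here: a string comparison would rank "15.10" below "15.6.1", and "15.6" must be treated as 15.6.0, which is still unpatched.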

Employees should also be encouraged to go into settings – for both corporate-owned and personal devices – and turn on auto-update, then check back regularly, every few weeks or so, to ensure they’ve always got the latest version applied.

Here at STEP Software, we create software for a wide range of clients, and the benefits of a security-first culture around software updates extend well beyond simply avoiding unnecessary risk. By raising employee engagement around keeping devices, operating systems, platforms, apps, browsers, and technology in general fully up-to-date, organizations can ensure they’re getting the best possible returns out of their investments in tech.

 

 

 

Last modified on Friday, 30 September 2022 14:54