| October 12, 2015
October 12, 2015
The real story behind those software updates
Updating your software is sometimes an inconvenience, but it’s also necessary to keeping up your mobile security hygiene.
Sometimes updates require connecting to a power source, backing up data, or temporarily losing access to an app or service while the update processes. Whatever the reason, oftentimes we see that little tally of available updates increase and increase.
The problem is, there are many critical security fixes that get pushed through these OS and app updates and when we ignore them, we leave ourselves vulnerable and open to attack.
It just says “bug fixes” and feature upgrades, why should I care?
Those “release notes,” or the details that show you what you’re getting in a software update don’t often tell the whole story. Take, for example, these updates:
These are real release notes in the “What’s New” section from apps affected by a piece of malware called XcodeGhost. The updates, though, just look like run-of-the-mill feature changes. In the first image you only see “Support for iOS 9.” This is vague and it doesn’t mention anything about security, but, in fact, the app had updated to get rid of the malware.
In the second screenshot, listed at the bottom of the notes, you see a more detailed reference to, “Security issue caused by external malware affecting v6.2.5 was fixed in v6.2.6 and above.” This also references XcodeGhost and an update to get rid of the malware.
Latest and greatest
You always want to be running on the most up-to-date software on your device. In the security industry, when software is “patched,” that often means researchers can publish their findings -- meaning bad guys and good guys alike suddenly have more information about vulnerabilities and other problems. Releasing this information is a good thing because it helps security teams learn how to secure their software, but it also means that people need to download the latest patches to make sure they’re safe.