| Individuals October 12, 2015


October 12, 2015

The real story behind those software updates

By Lookout

Software-HeroImage
Updating your software is sometimes an inconvenience, but it’s also necessary to keeping up your mobile security hygiene.
Sometimes updates require connecting to a power source, backing up data, or temporarily losing access to an app or service while the update processes. Whatever the reason, oftentimes we see that little tally of available updates increase and increase.
The problem is, there are many critical security fixes that get pushed through these OS and app updates and when we ignore them, we leave ourselves vulnerable and open to attack.
It just says “bug fixes” and feature upgrades, why should I care?
Those “release notes,” or the details that show you what you’re getting in a software update don’t often tell the whole story. Take, for example, these updates:
IMG_4521 IMG_4520
These are real release notes in the “What’s New” section from apps affected by a piece of malware called XcodeGhost. The updates, though, just look like run-of-the-mill feature changes. In the first image you only see “Support for iOS 9.” This is vague and it doesn’t mention anything about security, but, in fact, the app had updated to get rid of the malware.
In the second screenshot, listed at the bottom of the notes, you see a more detailed reference to, “Security issue caused by external malware affecting v6.2.5 was fixed in v6.2.6 and above.” This also references XcodeGhost and an update to get rid of the malware.
Latest and greatest
You always want to be running on the most up-to-date software on your device. In the security industry, when software is “patched,” that often means researchers can publish their findings -- meaning bad guys and good guys alike suddenly have more information about vulnerabilities and other problems. Releasing this information is a good thing because it helps security teams learn how to secure their software, but it also means that people need to download the latest patches to make sure they’re safe.

Author

Lookout

Leave a comment

Submit


1 comment


Richard Brown says:

October 12, 2015 at 10:10 pm

Please help me change my gmail please help me change it to new one ive ben tryin 4 3 days thak you?


Meghan Kelly says:

October 14, 2015 at 9:49 am

Hi Richie, sorry to hear you're having trouble. Please reach out to our support team at: support [at] lookout [dot] com