CNET.com reports that the 3.0 update for the iPhone fixes 46 security holes. Vulnerabilities in mobile phone OS’ aren’t a new thing but I find this number to be particularly troubling.
First, the fact that these vulnerabilities were not fixed until a major update is unsatisfactory. Many of these fixes that were rolled out in 3.0 patched holes that allowed “application termination or arbitrary code execution.” If this was an issue with Microsoft software that community would be up-in-arms about it. The iPhone is less of a phone and more of a medium to stay digitally-connected to the world, including social networks and banking applications. The potential for someone to exploit an iPhone and steal data is very real and Apple needs to take this threat seriously.
Secondly, I am surprised that these weren’t discovered by any of the various groups “hacking” the iPhone. The community needs to get better at identifying and disclosing these risks and holding Apple accountable. How many months until the next major, or minor, update to the phone? And in those months how many vulnerabilities will not be patched until the upgrade occurs?
If we as professionals, and users, are to hold Microsoft’s feet to the fire to fix their software should we not hold other vendors accountable as well? Threats to our data are ever-increasing and ever-evolving and as the world shifts to true mobile computing the risks of private data disclosure are becoming more prevalent. Let’s hope that the major software and mobile phone providers get on the train early to secure their devices. Without their assistance and diligence we may as well publish our Social Security Numbers on our blogs.
Popularity: 4% [?]
