Apple’s new software upgrade includes new security features to improve endpoint security on the iPhone 4 and later versions, especially when utilized by employees as part of a BYOD practice.
According to Apple, iOS 7 patches 80 known security vulnerabilities, making devices running iOS 6 and earlier systems at risk for infection and other issues. These include addressing issues with certificate trust policies, plus data protection and security, among many other improvements.
ZDNet stated that if the upgrade is not installed on a device, existing bugs could executive malicious code, use applications to discover passwords, send tweets without user permission through sandbox apps and control or interfere with telephony capabilities. Additionally, unpatched devices could experience data leakage despite protection under IPSec Hybrid Auth.
Patches and benefits
SilverSky CTO Andrew Jaquith said in a CSO article that Apple already had a secure operating system with multiple lock down options available before iOS 7.
“With iOS 7, companies will find many of their remaining needs addressed,” Jaquith said. “It’s clear that Apple is listening to their enterprise customers.”
For example, Apple stated in a mailing list announcement that iOS 7 resolves a privilege separation issue where cybercriminals could sidestep authentication restrictions to figure out a user’s password despite a “Erase Data” setting through an app within the third-party sandbox. This patch will greatly improve endpoint security and control, especially where lost or stolen devices are concerned.
Additionally, Apple soothed data leakage concerns with improvements to data security. According to the notification, a hacker could seize credentials and other sensitive information from devices earlier versions of iOS if using a privileged network position. A recently revoked sub-CA certificate has been added to the operating system’s list of untrusted certificates.
CSO also stated that with previous Apple operating systems, a criminal could perform a reset and input their own preferences, allowing them to utilize the device for themselves. However, on iOS 7, once an application lock is activated, a thief cannot use the phone through a system reset.
The upgrade demonstrated Apple’s commitment to their devices being secure as part of BYOD policies. Jaquith said iOS 7 also incorporates additional policies to securely lock down devices, including restriction options for Siri, AirDrop and Dropbox. Furthermore, corporate applications have been restricted from communicating with personal applications.
“In my opinion, Apple appears to have significantly improved the controls which help separate work and personal information,” said Fiberlink marketing director Jonathan Dale, according to CSO. “Users and companies should feel more secure that their data will not go to unintended places.