Apple security bugs highlight importance of mobile protection

Mar 03, 2014

2014-03-03 Apps.jpgWith the continued rise of bring-your-own-device efforts in many businesses, it’s becoming increasingly important to protect data and provide secure file sharing platforms. However, not all solutions are safe from the threat of malware and hacking attempts. Apple recently released a series of patches that would mitigate security holes, but dangers still abound for the developer.

Because many employees use Apple products for their daily tasks, IT staff must ensure that all updates are followed and that additional methods are used to protect sensitive information. Apple issued fixes for Macintosh computers that would mitigate the flaw allowing hackers to intercept data like email, according to Reuters. The vulnerability may have been present for months, and is believed to stem from how Apple recognizes digital certificates during encrypted connections. Because these elements are critical to hardware protection, the long-unnoticed error serves as a reminder that organizations should implement additional security measures.

This issue also occurred across iOS devices, requiring an update for SSL connection verification, according to International Business Times. As with the desktops, the Secure Transport was unable to validate connections, making it possible for attackers to collect or change information even when using SSL or TLS to protect the Internet activity. Because this danger is hard to detect, employee devices can fall to malware and incur data breaches.

The “gotofail” bug has put Apple users at risk for compromises and potential fines for lost business data. Even when programs directly from Apple were securely encrypted, users may have been affected by the vulnerability. IT managers must ensure that employee devices are up to date and that they have mobile access control to protect the information from unauthorized users and harmful bugs. As organizations continue to develop their mobile workforce, it will be integral to establish a policy and security measures to mitigate data loss.

Category: Data Security