- About Us
- IT Services
- Consulting Services
- Cyber Security
- Cloud Services
- Our Clients
- Contact Us
It’s not a great month for iPhone users.
Just last week, Google published research showing that an iPhone-based cyber-attack has been going on for the past two years at least. The largest iPhone attack in history, this long-term cybercrime effort has been infecting iOS users with malware that steals their private data, including:
And not too long before that, another Google Project researcher published an article all about how iPhone software can be penetrated to give hackers remote access, even though none of it operates as conventional “server side” code.
If you’re an iPhone user, the question you have to ask yourself is whether you really understand the vulnerabilities you’re exposed to. Furthermore, do you know how to best eliminate them?
First thing’s first – should you be worried right now?
Not if you’re up to date. If you’re currently an iPhone user and you keep your operating system updated, then you’re secure. Apple recently released a patch for these vulnerabilities, so be sure to update your iOS immediately if you’ve been putting it off.
How to update your iOS:
This vulnerability is based on remote code execution (RCE), which allows cybercriminals to trick users into giving them access to their iPhone without actually changing permissions, receiving warnings, etc.
Beyond that is a fully remotable exploit (FRE), which doesn’t even require any action from the iPhone user to provide access to the hackers. It can occur so long as the device is turned on.
This all starts with the iPhone user visiting a website that hosts malware designed to execute RCE or FCE. Despite there being no “Are You Sure?” dialogue, and no request for the user’s password before executing RCE or FCE, it can happen all the same.
Some of the most well-known examples of this type of attack are the Internet Worm of 1988 and the SQL Slammer Virus of 2003. These attacks worked by sending data that your computer was used to receiving but didn’t actually know how to manage properly, allowing cybercriminals to include executable code and gain RCE.
This is yet another example of why it’s important to keep your technology patched and updated.
Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users. This is why it’s imperative that you keep your applications and systems up to date.
Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.
But as you’ve learned, doing so can put you at risk, so don’t put it off.
Like this article? Check out the following blogs to learn more: