After all, hardly a day goes by that we’re not receiving yet another warning that our favorite Windows PC, Android phone, Ring smart doorbell, or Roomba smart vacuum cleaner needs a software update to patch a weakness that seemingly came out of nowhere. We’ve become almost numb to the never-ending threat landscape, to the sky-is-falling warnings that it’s time, yet again, to batten down the hatches.

At the same time, it's just as easy to understand why we can’t afford to ignore the warnings. And why it’s long past due for employers and employees alike to change their behaviors when it comes to updating their software. As software developers, this is an issue that hits particularly close to home for us and our clients – and we need to rethink how we manage cases like this.

Despite the headlines this time out, these kinds of events happen on an almost daily basis, and they tend to play out in a consistent manner:

1. First, a researcher or some other member of the broader community finds a weakness.
2. Said researcher then lets the vendor know.
3. The vendor assigns developers to build, test, and distribute an update.
4. End-users must ensure it gets downloaded and installed.

In fairness to Apple, Microsoft, Google, and every other tech vendor, operating system software is incredibly complex, and vulnerabilities can lurk quietly amid the millions of lines of code, often for years on end. So there is no way any company – even one as powerful and resource-rich as Apple – can realistically or feasibly know up-front about every particular vulnerability, or every manner in which a vulnerability can be exploited. That explains why they ship with hidden flaws buried deep within them, and why those flaws tend to get discovered over time.

Even so, while this happens somewhat regularly, this particular case is especially worrisome – which largely explains why it received so much play in mainstream media.

Apple’s warning focused on two vulnerabilities - one in the kernel, the very core of the operating system, and the other in WebKit, which powers the browser - that could potentially allow an attacker to gain administrator-level access to a target device. This would allow them to take full control of the device, install any kind of malware or spyware that they wish, and harvest all data, contacts, authentication, you name it, all without the target user's knowledge. It means anyone who takes advantage of these weaknesses would essentially have the keys to the kingdom, and not applying the fix immediately would be the technological equivalent of leaving the front door of your house wide open as an invitation to criminals.

In this specific case, anyone using a modern and currently supported Apple device needs to update to the following OS versions:

This particular event serves as a reminder that most of us are not taking security as seriously as we need to. Whatever role we play, from knowledge worker right up to CEO, we must sharpen our individual responses.