Half of iPhones on corporate networks run outdated software

But those who do are often slow to update, adding to the problem.

(Image: CNET/CBS Interactive)

You may not hear about Apple malware as much as you might with Android, but it still exists. And for many companies, it's still a problem.

Duo Labs research released this week shows that about half of all iPhones on corporate networks are still running iOS 8.3 or earlier. That alone has left devices exposed to hundreds of widely-known vulnerabilities, including one of the more notorious -- the Ins0mnia and Quicksand vulnerability -- which attackers used to pilfer data and enterprise credentials from devices.

But when iOS 8.4.1 was made available, including patches for the Ins0mnia and Quicksand flaws among other critical vulnerabilities, only nine percent of those iPhones were updated.

And that's just for starters. Around 31 percent of all devices looked at were running an even older version of iOS, with 14 percent of iPhones running iOS 7, which was released in late 2013. Together, that racks up more than 390 separate vulnerabilities that are still able to target affected devices, such as stealing sensitive corporate data.

And all it takes is one vulnerable device to put an entire network of data at risk.

Companies and users don't just ignore updates, but those who do update are slow to act. When iOS 8.4.1 was released, more than 70 critical vulnerabilities were fixed, but more than nine-out-of-ten users did not update within a week of its release, the research said.

"We know better than to let a desktop computer run on a corporate network if it was several months (if not years) behind on security updates," said Mike Hanley, program manager at Duo Labs, in a blog post. "We need to start thinking about mobile devices in the same way."


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All