DSD advises iOS 6 update despite incomplete evaluation

The Australian Defence Signals Directorate (DSD) has advised government agencies that they should update their Apple devices to the latest version of iOS, even though it has not completed an evaluation of the product.

In a broadcast issued by DSD's Cyber Security Operations Centre, DSD has said that the new version of Apple's mobile operating system provides "notable security enhancements" that warrant the update, despite its acknowledgement that iOS 6 was still in evaluation.

"In particular, iOS 6 addresses a known vulnerability in Apple Mail's use of Data Protection on email attachments, which is unlikely to be retrospectively applied to iOS 5."

DSD has worked with Apple in the past to scrutinise the security of iOS and ascertain whether it was appropriate for government use. It released a hardening guide for iOS in July last year, and earlier this year in March, it updated the guide for iOS 5 and certified the operating system for government information up to "protected" level of classification.

Now that iOS 6 has been released, and DSD has noted that iOS 5 will no longer be available for download as a result, it is working towards releasing an updated hardening guide for iOS 6.

"The updated guide will contain additions in response to new features, rather than wholesale changes to the existing advice," DSD wrote in its broadcast.

In the meantime, DSD advised that government agencies should continue to use the existing hardening guide (PDF) when securing iOS 6 since, while it does not cover the new features in iOS 6, the older advice is still applicable.