First half of 2017 sees more mobile vulnerabilities than for the whole of 2016
A new report into mobile threats reveals that in the first half of 2017, there were more common vulnerabilities and exposures (CVEs) registered for Android and iOS than in all of 2016.
The study by mobile threat defense company Zimperium, based on data from its z3a app analysis tool, also shows that many devices aren't running the latest operating systems, leaving them vulnerable.
It finds that 94 percent of Android devices are not running the latest software version available, compared to 23 percent of iOS devices. The most concerning risks associated with iOS devices were malicious configuration profiles and 'leaky apps.' These profiles can allow third parties to maintain persistence on a device, decrypt traffc, synchronize calendars and contacts, track the device's location and more.
"Our customers detected hundreds of thousands of threats from April 1 through June 30, 2017, at the device, network or app levels," says Scott King, director of customer advocacy at Zimperium. "We also investigated a sample set of 50,000 iOS apps with z3A. The investigation uncovered security and privacy issues in the apps that are cause for concern for any enterprise."
The report shows that over five percent of all devices detected a reconnaissance scan from a network device or an attacker between the beginning of April and the end of June. Some 80 percent of these scanned devices later detected a man-in-the-middle attack.
In addition one in 50 apps downloaded on enterprise devices were found to have serious security or privacy abuse issues. These include things like keychain sharing and reading the device UUID number.
You can find out more about the findings and download the full report on the Zimperium blog.