Apple Devices Need 51 Important Security Updates

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates.

The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com)

The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad or iPod touch's microphone. Not only would the user not need to give permission, but they might be unaware it has happened.

Sites Could Track Device Movement

Another security flaw could allow a website to get data from a device's movement sensors without their knowledge. The big problem here isn't so much the possibility of tracking a user's own movements; instead, it could be possible to detect when the device is completely still, suggesting it's not in use. If a phone was already exploited, it could signal to hackers it's a 'better time' to run malware with a minimal risk of the user being alerted.

There's also a series of fixes for bugs that could allow malware to run code on the device with permission. Another bug could allow such code to activate if a user taps on a link in an SMS message. (Source: theregister.co.uk)

Security Updates Overshadowed

Apple's update system does have some big advantages over the likes of Android. Because it makes both the software and the phones and tablets themselves, it has much more control over updating devices rather than waiting for manufacturers to roll out updates.

A downside is that tying the security updates to the feature updates means some users are reluctant to install updates for fear that older devices may struggle to keep up with the new version of the system and slow performance. That could mean some people choose not to get the security fixes, which means that their devices are now at risk.

The policy also means that security fixes will often come at the same time as Apple is announcing new features, often with high-profile media events. Depending on how you view it, that could be a smart move because it takes attention away from security problems, or an irresponsible one because it reduces the likelihood of users learning about the need to install an update.

What's Your Opinion?

Are you surprised Apple devices have so many security flaws? Is Apple right to combine security and feature updates? Would you prefer an option to only install bug fixes?