
As businesses weigh adoption, new iPhone plugs 13 flaws

The second version of the iPhone, released Friday, includes faster internet, GPS functionality and an application store — as well as 13 security fixes.

According to maker Apple, the security update addresses eight flaws in the Safari web browser, a number of which could be exploited to crash an application or execute arbitrary code if a user is misled to a malicious website.

While a number of the vulnerabilities were previously known, there have been limited reports of exploits.

But that may change as the iPhone gains market share, Ken Dulaney, vice president of mobile computing at analyst firm Gartner, told SCMagazineUS.com on Friday.

"The good thing about a successful product is someone making a lot of money from it," he said. "The bad thing is the virus guys target it."

That may pick up even more should enterprises begin mass adoption, experts said.

The newest version contains two key security features for businesses: the ability to remotely wipe data from lost or stolen devices and the requirement that users employ complex passwords, Dulaney said.

That is why Gartner believes businesses can leverage the iPhone for employee use - but companies should hold off on developing iPhone-specific applications because there are limited ways to protect them.

"We're OK with the iPhone being used for email, personal information management [calendars, etc.], [web] browsing and telephony," he said. "We're not yet comfortable with [businesses] building locally coded applications on the device."

Meanwhile, the way in which Apple pushes iPhone firmware updates to its users - through individual iTunes programs instead of a centralized mechanism - may turn off some enterprise users, Dulaney said.

"I don't know of any enterprise application where the first screen you see is music," he said. "When you get to businesses thinking about security, this is going to make them feel uncomfortable."

The new version does include a configuration manager, designed to help IT departments manage their iPhones, but it is unknown how effective it will be, Dulaney said.

iPhone 2.0, though, is catering to corporations in one clear way: It comes equipped with Microsoft Exchange ActiveSync email support.

"No one else seems to see the irony in this that I do," Andrew Storms, director of security operations at nCircle, recently wrote on the security firm's blog. "For years, Apple's marketing has hammered on Microsoft's product as bloated and full of security holes. However, Apple obviously realized that in order to enter the enterprise market they had to do something drastic."

An Apple spokeswoman could not immediately be reached for comment on Friday.

