FIERCE IT SECURITY | By Fred Donovan
Enterprises can no longer rely on Apple’s vetting process for its App Store because six major security vulnerabilities have been uncovered in the store over the past seven months, according to Appthority’s latest Enterprise Mobile Threat Report released Wednesday.
These vulnerabilities are Quicksand, JSPatch, XcodeGhost, AceDeceiver, YouMi and MobiSage.
The most recently discovered are JSPatch and AceDeceiver. The JSPatch open-source platform is being used by attackers as a backdoor to modify apps, exposing an enterprise to data leakage. More than 960 apps infected with JSPatch were found on enterprise customer devices and the App Store, according to the report.
AceDeceiver, a Trojan app that conducts phishing attacks looking for users’ usernames and passwords, was removed from the App Store after two months but remains on employee devices, where it increases enterprise risks of data leakage. The AceDeceiver Trojan exploits security flaws in Apple’s digital rights management technology to install itself onto non-jailbroken devices without any warnings to the user.
However, Apple is not the only offender when it comes to poor mobile security. Most Android devices run unpatched, outdated versions of the Android operating system, which means security risks are high for enterprises that allow Android devices to access the corporate network.
“With only 4.6 percent of Android devices running Marshmallow six months post launch, security patches to known vulnerabilities are not making their way to the enterprise quickly enough,” said Domingo Guerra, co-founder and president of Appthority.