SAN FRANCISCO, Aug. 19, 2015 /PRNewswire/ — Today Appthority, the leader in enterprise Mobile App Risk Management, has identified a critical security flaw in the iOS mobile operating system impacting all iPhone, iPod touch, iPad devices running iOS 7 and later. As the first mobile app security company to detect and collaborate with Apple to fix this vulnerability, Appthority recommends all enterprises ensure both corporate and employee owned devices are running the most current iOS version.
Dubbed “Quicksand,” the sandbox security vulnerability enables a malicious mobile app, or a bad actor who gains access to a physical device, to read other installed mobile apps’ managed preferences, giving cybercriminals the ability to harvest credentials and exfiltrate other sensitive corporate data. Thanks to Appthority’s discovery and disclosure, Apple has fixed the vulnerability in the most recent iOS 8.4.1 security update.
However, many enterprises remain at-risk due to mobile devices running outdated iOS versions without the security patch and Mobile Device Management (MDM) as well as Enterprise Mobility Management (EMM) solutions which are not using best practices in regard to credential storage protocol.
According to Appthority research, an estimated 70 percent of enterprise Apple devices are still running an outdated iOS version. Therefore, even with the recent release of iOS 8.4.1, the Quicksand vulnerability will continue to be an enterprise security risk.
In addition, many enterprises rely on MDM and EMM solutions as their core mobile security layer protecting them from data loss and leakage, but most MDM and EMM solutions are currently impacted by this vulnerability and are thus exposing credentials and other sensitive data.
“Since the recent Apple security patch only covers devices running iOS 8.4.1 or later, it’s critically important that MDM and EMM vendors update their apps as soon as possible to follow best practices when it comes to storage of credentials and sensitive data,” said Kevin Watkins, co-founder and mobile threat lead, Appthority.
Appthority’s app risk management service can detect when apps are not following best practice guidelines, which enabled Appthority’s Enterprise Mobile Threat researchers to uncover this issue using its best-in-class dynamic mobile app behavior analysis engines.
For a technical explanation of the Sandbox_profiles vulnerability, and the types of mobile apps at risk please visit Appthority’s Enterprise Mobile Threat Blog: https://www.appthority.com/enterprise-mobile-threats
Appthority provides the industry’s first all-in-one App Risk Management service that employs dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data. Named the Most Innovative Company of RSA Conference 2012, Appthority has analyzed more than three million apps for its Global 2000 and government customers. By delivering trust to the app ecosystem, Appthority allows enterprises to securely benefit from the proliferation of useful apps. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners and Venrock. More information on Appthority can be found at https://www.appthority.com/.
Appthority name and logo are either registered trademarks or trademarks of Appthority, Inc in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies.
MSLGROUP for Appthority
+1 (415) 817-2511