So many threats, so little time.
Appthority recently sent out an advisory to our customers summarizing the latest iOS threat: XARA. The flaws were reported by security researchers from three universities and was dubbed “unauthorized cross-app resource access”, or XARA. The research described a pair of flaws having to do with keychains, and URL schemes, and it made headlines in the trade press. However, what didn’t make headlines were a couple of flaws in the research.
First, the flaw regarding keychains is valid but it only exists in Max OS X–not iOS, as reported. There are plenty of reasons to be concerned about mobile risks; this isn’t one of them.
Second, the flaw regarding URL schemes has been known since February. The risk is quite low, although you would never know it by the headlines. “Critical Flaw”, “Devastating iPhone Security Flaw” and “Serious Vulnerability” are but a few of the scary headline excerpts. Of course it’s important to be well informed. But hyperventilating over something that has never been seen in the wild and has since been patched by Apple is way out of proportion to the actual risk.
So what should be done? Well, Appthority’s Mobile App Risk Management solution identifies and reports on imposter apps–a common malware packaging scheme–when we find them in our customers’ environment. Further, our solution can be used to identify potential apps that may hijack using the App URL Scheme today:
In addition, we provide the ability to customize risk definitions and remediation policies to suit the unique needs of each organization, and we do it at enterprise scale. And we are continuously updating our app analysis capabilities to detect mobile app threats and other behaviors that represent real risks to the enterprise.