TMCnet News
Appthority Identifies Critical iOS "Quicksand" Vulnerability Enabling Malicious Mobile Apps to Harvest Enterprise CredentialsSAN FRANCISCO, Aug. 19, 2015 /PRNewswire/ -- Today Appthority, the leader in enterprise Mobile App Risk Management, has identified a critical security flaw in the iOS mobile operating system impacting all iPhone, iPod touch, iPad devices running iOS 7 and later. As the first mobile app security company to detect and collaborate with Apple to fix this vulnerability, Appthority recommends all enterprises ensure both corporate and employee owned devices are running the most current iOS version.  Dubbed "Quicksand," the sandbox security vulnerability enables a malicious mobile app, or a bad actor who gains access to a physical device, to read other installed mobile apps' managed preferences, giving cybercriminals the ability to harvest credentials and exfiltrate other sensitive corporate data. Thanks to Appthority's discovery and disclosure, Apple has fixed the vulnerability in the most recent iOS 8.4.1 security update. However, many enterprises remain at-risk due to mobile devices running outdated iOS versions without the security patch and Mobile Device Management (MDM) as well as Enterprise Mobility Management (EMM) solutions which are not using best practices in regard to credential storage protocol. According to Appthority research, an estimated 70 percent of enterprise Apple devices are still running an outdated iOS version. Therefore, even with the recent release of iOS 8.4.1, the Quicksand vulnerability will continue to be an enterprise security risk. In addition, many enterprises rely on MDM and EMM solutions as their core mobile security layer protecting them from data loss and leakag, but most MDM and EMM solutions are currently impacted by this vulnerability and are thus exposing credentials and other sensitive data. "Since the recent Apple security patch only covers devices running iOS 8.4.1 or later, it's critically important that MDM and EMM vendors update their apps as soon as possible to follow best practices when it comes to storage of credentials and sensitive data," said Kevin Watkins, co-founder and mobile threat lead, Appthority. Appthority's app risk management service can detect when apps are not following best practice guidelines, which enabled Appthority's Enterprise Mobile Threat researchers to uncover this issue using its best-in-class dynamic mobile app behavior analysis engines. For a technical explanation of the Sandbox_profiles vulnerability, and the types of mobile apps at risk please visit Appthority's Enterprise Mobile Threat Blog: https://www.appthority.com/enterprise-mobile-threats About Appthority Appthority name and logo are either registered trademarks or trademarks of Appthority, Inc in the United States and/or other countries. All other products and/or services referenced are trademarks of their respective companies. Contacts: Media Contact Logo - http://photos.prnewswire.com/prnh/20130826/SF69650LOGO
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/appthority-identifies-critical-ios-quicksand-vulnerability-enabling-malicious-mobile-apps-to-harvest-enterprise-credentials-300130883.html SOURCE Appthority 
|