Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/18/2017
05:15 PM
50%
50%

Android Users Fail to Run Latest OS Version

A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.

An alarming number of Android devices are not running the latest operating system, potentially putting any Android-toting BYOD employee at risk of bringing a malicious attack onto their corporate network, according to a report released today.

Zimperium's Global Threat Intelligence, a network comprised of millions of licensed mobile endpoints around the world, found in the first quarter that:

  • 98% of Android devices do not have the latest software version, 7.1+
  • More than 35% of iOS devices do not have the latest software version, iOS 10.3, and have not received security updates as of March 31.
  • 13% of Android devices carry malware in their apps
  • 1% of iOS devices were loaded with malware
  • More than 19% of apps can grab private information, such as passwords and the device's Unique Device Identifier (UDID)

Older versions of Android not only carry known exploits, but the study also found that 15% of configuration settings on Android devices are rooted, allowing non-Google Play app downloads and developer options to be enabled.

And for the iOS, the study noted: "The most concerning risks associated with iOS devices were malicious configuration profiles and 'leaky apps.' These profiles can allow third parties to maintain persistence on your device, decrypt your traffic, synchronize your calendars and contacts, know your location and could allow a remote connection to control the device or siphon data from the device."

Read more about the study here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: STOP LOOKING IN HERE FOR YOUR PASSWORD!!!
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28488
PUBLISHED: 2021-01-22
This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
CVE-2021-22847
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVE-2021-22849
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...