I recently read an article that made me realize there is a fundamental rift in how I, and many of the readers here, look at computers, and how the general population does. It is only a very small subset of the population that considers security, even secondarily. And if they do, many don’t understand enough about it to implement it properly. The article in question asks if users should upgrade to the newly released iOS, version 9.3.3. Hold off on OS updates? Seriously?
OS Updates: Yes? No? Maybe?
Posing the title of the article as a question is wrong-headed and lends the impression that operating system updates are optional. It also indicates, however subtly, that OS updates should be selected based on enhanced feature sets. Though Apple has traditionally rolled new features into its flagship (and sometimes intermediate) iOS releases, one of the primary purposes of updates is to deal with security issues. The author does get around to mentioning that iOS 9.3.3 is a security update. But this is halfway down the page and under a section titled “So What Do You Get?”
Readers, pressed for time, may only skim the bullet points and opt not to upgrade. This is dangerous. Apple has released a long list of serious security bugs that this update patches. If the bad guys didn’t know about those bugs before, they do now. To continue to use a phone with known security flaws is bad business. The author’s “verdict”, near the bottom of the copy, is yes, you should upgrade but not right now. My read: yes, upgrade, but run around with some unpatched vulnerabilities on your phone for a couple more weeks. You know, just in case this release doesn’t work perfectly with Pokémon GO or something.
Update, Update, Update!
Operating system updates are one of the single biggest steps you can take to harden your operating system. OS updates protect you from malware by patching known security flaws. Running outdated applications and OSs is a major attack vector, and it is foolhardy to delay updating. If you need evidence of this, look to Google. Outdated operating systems are one of the major reasons Android is a much bigger malware target in the mobile marketplace. Google has recently increased pressure on hardware manufacturers and carriers to push updates faster. Why is Google pushing faster updates? Short answer: security.
The bottom line: update your operating systems and firmware on your phones, tablets, computers, routers, etc. Sure, there is a small possibility there will be security issues in the release (remember iOS 7?), but I’ll take this over the absolute guarantee of vulnerabilities in the current one.