Apple has released security updates for iOS, fixing 51 vulnerabilities in version 12.2 of the operating system.
Apple patches 51 security flaws – https://t.co/yvMSbXYZPb
Apple's update for iOS and macOS patches 51 holes, the more serious of which include bugs in Safari, Keychain and FaceTime.
Naked… pic.twitter.com/33yZmRovpF— Cyber Crime Killers (@CyberCrimeKilla) March 27, 2019
Experts Comments Below:
Lamar Bailey, Director of Security Research and Development at Tripwire:
“Almost every product can be patched or updated easily with auto updates or over the air updates. The days of large service packs should be gone, and we should instead be focusing on a DevOps approach to security patching. When you send out a large patch with tons of fixes it requires a lot of testing, and any error that requires a rollback removes all the good fixes with the bad one, until things are sorted out. In constrast, a DevOps approach means that fixes can be pushed when ready or in small batches. It speeds the process up and gets fixes to customers faster, making field issues easier to troubleshoot, without requiring massive pushes to end users. The goal should be to reduce the exposure time between when a vulnerability is found and when it is patched.”
Thomas Richards, Associate Principal Consultant at Synopsys:
“Chains of trust utilising certificate signing to push software updates or patches are an important tool to prevent unauthorised patches. However, they need to be carefully monitored at all times to ensure that the chain of trust has not been broken. Proper monitoring tools and policies should exist which verify software before it is sent to customers. This verification should contain an approvals paper trail which will highlight where the software originated from, the purpose, and the individual approvers in the various steps of the chain before the software was published.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.