Following the news that apple patching three separate zero-day exploits? Kyle Lady, Senior R&D Engineer at Duo Security commented below.
Kyle Lady, Senior R&D Engineer at Duo Security:
“This patch is a big one and people need to update immediately. For organisations with iPhones accessing business applications and email, which, let’s face it, is EVERY organisation, employees and contractors should be encouraged to patch their phones as soon as possible. To offer some perspective: 62% of employee devices are affected by this, based on our own customer data sample of over two million devices.”
“In this case, SMS is masquerading as two-factor authentication messages, so users should be as careful when opening links in text messages as they should be with potential phishing. Users should note that texts could be phishing attempts, just like links within emails can be. As a user authentication vendor, we strongly encourage the use of push-based two-factor authentication over SMS.”