Holding Off on Installing The Latest iPhone Update? You May Want to Reconsider...

Author: 420 Times
Created: 20 August, 2015
Updated: 16 October, 2022
2 min read

This has been a bad couple of weeks for mobile phone security as several major iPhone vulnerabilities were revealed this week which allow a malicious external website to compromise your phone when it is viewed, either in Safari or another app that renders HTML (and there are many, many apps that do).

As such, it is imperative that iPhone users apply the latest updates for iOS as soon as possible. The fixed version is iOS 8.4.1, so any iPhones running iOS versions less than 8.4.1 are vulnerable.

[For reference, here is one of the CVEs (Common Vulnerabilities and Exposures) assigned to the iOS vulnerability.]

Stagefright Android Vulnerability Logo

This comes on the heels of a critical Android vulnerability discovered earlier this month, code-named "Stagefright," after the media rendering library which contained the bug. The Stagefright vulnerability affects all Android phones going back to version 2.2 -- an estimated 95% of all Android users -- and allows bad actors to completely take over your phone simply by sending it a malicious text message.

Vulnerable Android phones only have to receive the text message to be compromised -- opening or reading the message is not required.

Thankfully for iPhone users, the iOS bug isn't nearly as dangerous as the Android Stagefright vulnerability and the vertically-integrated Apple was able to quickly push out a security patch to most (though not all) of its users.

Android users, however, aren't going to be so lucky. As of today (August 20, 2015) the Stagefright vulnerability remains unpatched by Google.

The good news is that Google and Samsung have officially committed to pushing out monthly security updates to some of its phones (LG has also stated unofficially that it will start pushing out monthly security updates to some devices). The announcements, however, do not specify which specific models will receive monthly updates nor do they state how long supported phones will continue to receive the monthly updates after purchase.

It also leaves open the possibility that cheaper, non-flagship phones won't receive the monthly security updates at all, making security updates a premium service granted only to those who purchase the most expensive models and throwing everyone else to the wolves. This also leaves little recourse for users with older phones other than to purchase a new, potentially expensive phone.

IVP Existence Banner

This, no doubt, is good for the bottom line of many cell phone manufacturers and carriers, but is decidedly not consumer friendly.

Latest articles

Thomas Massie
Congress' 'Mr. No' Thomas Massie to Moderate Free and Equal Presidential Debate
The Free and Equal Election Foundation is slated to host its second presidential debate of 2024 on July 12, and it will be co-moderated by a member of Congress who is no stranger to challenging the status quo....
07 June, 2024
2 min read
Steve Peace: Why I’m Voting for Robert F. Kennedy Jr for President
I’m a lifelong Democrat. I served for more than 20 years in the California Legislature and as Director of Finance under a Democratic governor. I supported and financially contributed to Hillary Clinton in 2016 and Amy Klobuchar in 2020....
07 June, 2024
4 min read
Santa Clara Could Be First CA County to Adopt Ranked Choice Voting
The Santa Clara County Board of Supervisors may consider implementing ranked choice voting (RCV) for county elections in August. If it moves forward with the change, Santa Clara would be the 9th jurisdiction to approve its use – and would be the first to approve it for county elections....
05 June, 2024
3 min read