The press turns ebullient whenever the words "Apple" and "security" can be brought together in a story. After all, the myth that the Mac is inherently more secure than Windows PCs makes Apple seem more skilled in security matters, and thus anything that might crack that myth gets front-page treatment. Case in point: the recent SMS vulnerability discovered in the iPhone.
I'm not jumping on that bandwagon, nor will I play apologist for Apple. But the latest vulnerability discovered for the iPhone points out weaknesses in Apple's iPhone infrastructure, particuarly with regard to the distribution and installation of software updates. The problem is not new, but it is now a real risk, not a theoretical one: To update iPhone firmware, a user or their IT department must tether the phone to a Mac or PC and run iTunes.
[ The InfoWorld Test Center puts the new iPhone Configuration Utility through its paces. | See how far you can push an iPhone or a BlackBerry for everyday business use. | Get the InfoWorld editors' mobile 2.0 Deep Dive PDF report. ]
Although the iPhone started out as a iPod variation, and thus shared the iPod's iTunes tethering, the iPhone has long since become a device in its own right: a programmable smartphone that is connected to a Mac or PC more often to recharge it than to transfer data. That's why I have iTunes set not to launch automatically when my iPhone is connected. But it also means I often don't notice a firmware update unless it's attached to a new release of iTunes or the iPhone SDK. I'm sure I'm not alone.
That's the first problem: lack of reliable and specific notification of critical updates. Some millions of iPhone users aren't aware that the 3.0.1 firmware is essential inoculation, and I can't guess how many aren't aware of the update at all. The Apple Push Notification Service (APNS) gives Apple a priority line to all legitimate iPhone 3.0 users. That's a good way to get the word out, and I hope Apple takes to using it, but an update-o-gram from Apple that pops up on your phone should be reserved for critical updates -- those that leave your privacy, data, or core device stability at risk if they go uninstalled.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive InfoWorld Resource Alerts
13 Recommendations
