iPhone 4.3.2

The latest iOS software update is out containing multiple security fixes. Certificate Trust Policy libxslt Quicklook WebKit Exploitation of the most severe of these vulnerabilities may lead to remote code execution. Isn’t this the 3rd update in the past five or six weeks?   Does your corporation account for iPhone patching?

Quicktime 7.6.9 released

Apple has released Quicktime 7.6.9 to address multiple security vulnerabilities.  Viewing a maliciously crafted file could lead to arbitrary code execution. Apple’s writeup of the security vulnerabilities is posted at this link. Quicktime can be updated through Apple Software Update or via download at www.apple.com/quicktime/download. Quicktime was last updated 2.5 months ago.

Quicktime and SCUP

When Quicktime 7.6.7 came out, I wanted to deploy it with Microsoft System Center Update Publisher (SCUP).   I’d recently used SCUP to deploy Flash (for IE) and the Dell Inventory Agent.   It made sense to look at using SCUP and SCCM Software Updates to deploy patches rather than continuing to use the old Software Distribution …

Continue reading ‘Quicktime and SCUP’ »

Good App for iPhone Update

Good released a minor update to their app for the iPhone.   Release notes are on their site. Companies that don’t want to use ActiveSync but still feel pressured into making the iPhone an option are looking to Good to do so.   From the release notes: • Complete landscape view – Including email list view, calendar, …

Continue reading ‘Good App for iPhone Update’ »

Patching week in review

This week saw a large number of Microsoft patches Additionally Adobe released updates for Flash and Adobe Air. Acrobat and Reader updates expected for this week will occur next week. Apple patched the iPhone and released an update for QuickTime.  iTunes users were not given the QuickTime update as of this post. To stay up …

Continue reading ‘Patching week in review’ »

Jailbreaking – Unsafe at any speed

Look at me, making Ralph Nader references whether they work or not. Back in July, the US Copyright office ruled it is legal to jailbreak your iPhone in order to install non-appstore apps or even to unlock the phone to use with another carrier. What does this mean for iPhones used the enterprise? Just because …

Continue reading ‘Jailbreaking – Unsafe at any speed’ »

Forrester’s iPhone Article

Earlier this week Forrester released a paper on iPhone and Enterprise use.   That article was summarizedby Larry Dignan on ZdNet.   As a side note, I started to write on this earlier but wasn’t sure that I could legitimately quote from the article.   I guess it would be ok to quote small passages to critique.   But it’s …

Continue reading ‘Forrester’s iPhone Article’ »

Unisys and the iPhone

Have you read this Apple profile on Unisys’ use of the iPhone. “A wide range of aspects give us confidence that iPhone is a secure device.” Tip Underwood, Vice President of Sales and Management Support  I wonder if they still have that confidence after reading about the Zdziarski Method.  or PIN bypass.  The PIN bypass …

Continue reading ‘Unisys and the iPhone’ »

iPhone (in)security in the enterprise – Followup

Back in November I wrote a summary of several concerns we have about the iPhone in the enterprise. Four months later lets take a look at see what’s changed. One of the other guys at work took that list of concerns to our AT&T rep, who then took them to a unnamed, untitled Apple contact. …

Continue reading ‘iPhone (in)security in the enterprise – Followup’ »