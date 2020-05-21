A little less than a month ago we discovered, thanks to the company ZecOps, that the Mail app for iOS and iPadOS had a couple of security flaws that, combined, weakened file system security. Now, with the arrival of iOS and iPadOS 13.5, Apple closes these vulnerabilities.

Vulnerabilities, a matter of accumulation

It appears that this vulnerability affected devices from iOS 6 to iOS / iPadOS 13.4.1. Apple fixed the bug in the latest iOS 13.4.5 beta which was later renamed to 13.5 and it hit all of us yesterday. After the discovery Apple publicly responded by clarifying the situation. and ensuring that the discovered security flaws were insufficient to bypass iPhone security protections:

Apple takes all reports of security threats very seriously. We have thoroughly investigated the investigator’s report and, based on the information provided, we have concluded that these errors do not pose an immediate risk to our users. The researcher identified three problems in Mail, but On their own, they are insufficient to bypass security protections. iPhone and iPad, and we have found no evidence that they have been used against customers. These potential issues will be addressed in a software update that will be released soon. We value our collaboration with security researchers to help keep our users safe and we will reward the investigator for their help.

The importance of updates

Now this “software update to be released soon” has arrived and we can update our devices. Updates, in addition to bringing us new features to do more and better with our iPhone or iPad, they bring bug fixes and security flaws. True, many of those small flaws are insufficient to successfully attack the system, but vulnerabilities, both at the computing level and in other fields, are always cumulative.

Too many times I hear, during my training, people who say they prefer to wait to update when a year has passed since the version came out. People who, when new operating systems come out in September, update to a version that is already one year old. The degree of perfection and stability that is used as a reference when deciding to install an update or wait is up to everyone, but one thing is clear, security updates are important.

The first recommendation when we start to read or inform ourselves about the security of our devices is always the same: keep devices updated to the latest version.

Now with the iOS and iPasOS 13.5 update, history repeats itself. As Apple indicates, with the security holes that have been closed it is not enough to violate the protections of our iPhone or iPad, but cumulatively seen the story is different.

