The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities — and some simply may never be protected.
The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities — and some simply may never be protected.
Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age.
See also:
Bridgeway carried out its research across private, public and third-sector organizations in the UK using its IronWorks mobile management system. It found that — looking across iOS and Android — 72 percent of devices are vulnerable to Meltdown and Spectre. Despite the fact that patches have been available for a week now, it was discovered that a mere 4 percent of phones and tablets have them installed.
What is perhaps worst news is the fact that 24 percent of enterprise devices will never be protected against the critical vulnerabilities. The age of these devices means that patches are not being developed. As time goes by, and further details about how to exploit Meltdown and Spectre emerge, there is a very real danger that these devices will be at risk of attack.
Jason Holloway, managing director of Bridgeway, is concerned:
Organizations are advised to check for the availability of patches for their devices, and to install them as soon as possible. Older devices that will never be patched — older than Marshmallow, for example — should be replaced to ensure security, says Bridgeway.
