This practical entry briefly outlines how to force or defer OS Update for Apple iOS devices (iPhones, iPads). There are two completely opposite use cases for this:
Critical 0-day vulnerability – must force push OS Update to patch the devices
Business critical apps not tested with the latest iOS update – must delay/disallow update before testing. This is a better known challenge to Apple device managers, since typically user is allowed to update manually.
Trustjacking is a new “scary” attack on iOSnew “scary” attack on iOS devices, exploiting user’s lack of understanding or what’s going on. When plugging into an unknown computer or charger user may choose to “trust” it, which allows the remote device quite a degree of access to iPhone/iPad data. Many don’t realize that this trust remains after the device is disconnected and may be exploited, for instance, via Wi-Fi, if Wi-Fi sync is enabled. Many others also think that this trust is necessary for charging.
Basically, Apple should have looked at how Android 6+ has a “charge only” USB mode by default, fixed the wording and be done with it.
Protecting from this attack is extremely simple on Supervised (DEP) devices via EMM.
Here’s how it’s done via AirWatch, but any other major EMM will have something similar – this is Apple’s standard OS feature.
As a bonus, this will prevent not just the Trustjacking attack, but many other threats and leaks, since it blocks everything.
Wondering, how many had this configured before the Trustjacking news?