With our growing use of software in apps, on our laptops and other devices, throughout the day, it has become increasingly important to keep it up to date with the latest versions. Not only does this allow your apps or devices to run smoothly, but it has the added benefit of keeping them – and your data – safe.
That’s because software changes at an incredibly fast rate. Each change has the potential to introduce a vulnerability that bad actors, like hackers or scammers, can exploit for their benefit.
What is a software vulnerability and how important is it really to keep your software up to date? In this third blog in our cyber security month series, we’ll cover the essentials of software updates.
What is a vulnerability?
Like everything else in the world, modern software is made up of hundreds of different parts. Many are developed in-house, but others are imported from various other public sources.
These parts have usually been scrutinised over the years and are deemed safe to use. However, new vulnerabilities are discovered almost daily within software that is widely used throughout the world.
A security vulnerability is a bug within a software’s underlying code. This can allow bad actors to utilise the capabilities of the software for unintended and often unauthorised actions.
A famous recent example is the Log4j vulnerability that impacted almost every piece of software in the world. Log4j is an open-source logging library commonly used by apps and services across the internet. Log4j is almost certainly part of the devices and services you use online every day.
If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software. The Log4j vulnerability was a prime example of the need to update software once fixes are put in place to make sure applications are kept safe.
How to update different types of applications
We understand that you are most probably making use of at least a dozen different web and mobile applications to not only manage and grow your business but for your life in general.
Here are four different ways you can update your software depending on the application you are using:
1. Mobile applications
We recommend updating these apps to their latest version as soon as they are available.
2. Web applications
These applications will be updated by the vendor on behalf of users and hence require no action. Instead, for security purposes, we recommend always choosing strong passwords and enabling multi-factor authentication (MFA) when setting up accounts on such applications.
3. Desktop applications
These would be applications running on your computer on your operating system of choice (like Windows or Mac OS). Many of these have their own underlying updating mechanisms which might require manual action. However, some can also be updated through their respective app stores.
4. Operating systems (OS)
Vulnerabilities can also occur within the underlying operating systems running on devices, including phones and computers, and can be much more intrusive.
Once the device is compromised through an OS vulnerability, every app or data stored on the device is then at risk. We recommend updating the OS as soon as there is an available new version. Your phone will usually notify you when there’s a new update available. But if not, head to your phone’s settings to see available software updates.
At Mettle, we take extreme care to make sure such vulnerabilities don’t end up on the live version of the Mettle app. This often involves both internal and external security testing, running threat modelling sessions for new features, and automatically picking up and updating vulnerable code from third parties.