SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies
Security Vulnerabilities in Hotpatching in Mobile Applications
Authors:
Sarah Ford
Aspen Olmsted
Keywords: JavaScript; iOS; patching; mobile computing; open-source tools; Apple; security
Abstract:
Developers need to be able to update mobile apps immediately on discovery of a critical bug, but the Apple iOS software patching system does not allow this through its traditional app patching lifecycle. Two tools have been developed to solve this problem, one commercial and one open-source. Both employ JavaScript and dynamic code downloads and provide a method for users to receive immediate updates, but both have the potential to be abused and open the user to multiple security vulnerabilities. This paper discusses how the tools JSPatch and Rollout.io, open-source and commercial respectively, enable quick updates but also expose users to multiple security vulnerabilities, and argues that Apple should not allow them; it proposes a better solution using the same technology that preserves security.
Pages: 47 to 51
Copyright: Copyright (c) IARIA, 2017
Publication date: September 10, 2017
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-582-1
Location: Rome, Italy
Dates: from September 10, 2017 to September 14, 2017