Automatic Updates are a Vulnerability

We use automatic updates to make sure we have the latest features and to fix any bugs or security vulnerabilities, but what if the automatic update feature itself was the vulnerability?

Automatic Updates are a vulnerability because they allow an external entity to modify their software to ANYTHING and send it to your computer. The only thing stopping that is trust and the entity’s cyber security.

Trust is something that is at the core of a brand, which means when you use a piece of software you trust that it will do only what is required. If the entity chose to betray that trust and modify the software to do something malicious then it is expected all users of the software will stop using the software as it has betrayed their trust. Therefore the assumption is to avoid this happening the entity will not modify the software to be malicious even though they could.

The Cyber security of any company, business, organisation (entity) is very important but even more if the entity provides software that has an automatic update. This is because with that automatic update if the entity is hacked, the hacker can compromise the auto update and then run their malicious code on all the users computers. This has happened in the past with SolarWinds and will happen again in the future.

Does this mean you shouldn’t use automatic updates?

With unlimited resources you would write all your own code so you could control every piece of software on your computer and never need to use automatic updates. However we do not live in that world of unlimited resources, so in our world of limited resources you need to accept some risk and use software from external entities. Fortunately this is good for the economy and the environment as we share the “wheel” rather than everyone creating their own “wheel”, and with the appropriate steps the risk with automatic updates can be reduced.

So making sure any automatic update software is from an entity with great Cyber Security and an entity that is trustworthy is important. This is essentially a supplier risk which needs to be managed. There are also other technical details and options to restrict software even if it is automatically updated.

If you need help understanding supplier risk and how it can be managed read our other relevant blogs and contact Vertex to talk to our Cyber Experts.

CATEGORIES

- - - -

TAGS

- -

SHARE

Follow Us!

Facebook Twitter Linkedin Instagram
Cyber Security by Vertex, Sydney Australia

Your partner in Cyber Security.

Terms of Use | Privacy Policy

Accreditations & Certifications

blank
blank
blank
blank
blank
  • 1300 229 237
  • Suite 13.04 189 Kent Street Sydney NSW 2000 Australia
  • Level 4, 11 York Street Sydney NSW 2000 Australia
  • Goods Shed North, 710 Collins St Docklands, Melbourne, VIC 3008 Australia
  • Lot Fourteen, North Terrace Adelaide SA 5000 Australia
  • 44 Montgomery St San Francisco California USA
  • 9 Raffles Place #14-05 Republic Plaza Singapore 048619

(c) 2024 Vertex Technologies Pty Ltd.

download (2)
download (4)

We acknowledge Aboriginal and Torres Strait Islander peoples as the traditional custodians of this land and pay our respects to their Ancestors and Elders, past, present and future. We acknowledge and respect the continuing culture of the Gadigal people of the Eora nation and their unique cultural and spiritual relationships to the land, waters and seas.

We acknowledge that sovereignty of this land was never ceded. Always was, always will be Aboriginal land.