Mobile Vulnerabilities - Enterprises Struggle with Control
Basically, mobile devices are becoming riskier as they have outdated software and hidden threats.
Mobile devices are increasingly vulnerable due to outdated software and hidden threats like Shadow AI. This puts sensitive enterprise data at risk. Organizations must act to secure their mobile environments.
What Happened
The mobile attack surface is expanding rapidly, leaving enterprises vulnerable. A recent report from Jamf highlights the critical security failings of mobile devices, revealing that many organizations lack control over their mobile environments. With the rise of Shadow AI in everyday apps and the prevalence of outdated operating systems, the risks are significant.
The State of Mobile Devices
Jamf's analysis of over 1.7 million mobile devices uncovered alarming statistics:
- 53% of organizations had at least one device with a critically out-of-date operating system.
- 18% of employees connected to risky hotspots.
- 8% of devices clicked on phishing links, meaning that in a company of 100 employees, 8 could be at risk.
Moreover, 86% of 135 popular apps analyzed contained known security flaws, indicating that even widely used applications are not safe. The emergence of Shadow AI—unrecognized AI functionalities embedded in apps—further complicates the security landscape.
Adversarial Activity
Mobile devices are high-value targets for cybercriminals. Jamf's report identifies various spyware threats, including Predator and Pegasus, which have been used for both nation-state surveillance and financial gain. Zero-click attacks are particularly concerning, as they can exploit vulnerabilities without user interaction. For instance, CVE-2025-43300 and CVE-2025-24201 both have a severity score of 10.0, allowing attackers to exploit memory corruption in iOS devices simply by parsing images.
The Flaws
Several critical vulnerabilities were highlighted:
- CVE-2025-10585 (9.8): Can lead to memory rewrites and crashes.
- CVE-2025-48543 (8.8): Allows local escalation of privilege.
- CVE-2024-53104 (7.8): Can cause memory corruption. These vulnerabilities underscore the urgent need for enterprises to address mobile security comprehensively.
What You Should Do
To mitigate these risks, enterprises must take proactive steps:
- Inventory mobile devices: Understand what devices are in use and their configurations.
- Implement regular updates: Ensure all devices receive timely operating system and app updates.
- Educate employees: Raise awareness about phishing and safe device practices.
Lessons Learned
As the mobile attack surface continues to grow, enterprises must adapt their security strategies. The Jamf report illustrates that attackers are currently outpacing defenders. Organizations need to gain better control over their mobile estates to protect sensitive data effectively. Security is a moving target, and as new threats emerge, so must the defenses against them.