Last updated on: September 6, 2020
There’s been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vectors of attack. This is unfortunate, as one of the primary tenets of keeping systems relatively secure is to maintain current patch levels. And when most users, including probably most businesses, need to update their systems, they tend to trust and download the updates presented to them without confirming their authenticity.
In SC Magazine’s Hot or Not: Software update vulnerabilities, Amol Sarwate of the Qualys Vulnerabilities Research Lab discusses how automatic update features in many software applications are proving to be vulnerable to attack now that hackers are taking notice.