I'd like to give kudos to Apple for including the iPhone 5S in this security update, which was released on September 20, 2013, over 7 years ago! Supporting a product for even 3 years is rare in the smartphone world.
Wouldn't the last official sale date be a better indicator of true device support? For example, if someone bought it in an Apple store on the last day available, how long a period would they have received updates for?
My 8 (or 10?) year old AppleTV just got an update today. I was excited because the YouTube app pause function stopped working after the previous update a couple of weeks ago. Alas the problem remains.
Since this is a security update I think it’s more about support of an OS which is only 2 yrs old than the class of device as that class was supported with the initial iOS 12 release.
This is what I try to explain when it comes to "why are you paying so much for Apple". Because when you buy a cheap Android phone from Xuoiamiaeoi or whatever, you get some custom OS crippled in god knows what ways and close to 0 long-term support from them.
A tricky thing about flagging "in the wild exploited vulnerabilities" in a title like this is that it suggests that sev:crit vulnerabilities in other updates that aren't flagged like this aren't being exploited in the wild. We get confirmation of only a subset of exploited vulnerabilities.
We'd be better off with a more neutral title, like "fixing severe vulnerabilities" or something like that.
We've changed the title above to that of the page. (Submitted title was "Apple releases iOS 14.2 and 12.4.9, fixing in-the-wild exploited vulnerabilities".)
The other thing to consider is that doing a binary diff on the OS before/after patching puts a big red arrow right at the location of the bug, which means that there's no reasonable expectation that it will remain unexploited after the patch.
It's not really that important, really. It's either being exploited yesterday, or tomorrow.
I think it's interesting how iOS exploits are cheaper[1] than Android exploits, because iOS exploits are so plentiful in comparison to Android exploits.
Linking to the 14.2 list (https://support.apple.com/en-us/HT211929) might be better? After clicking the headline link, it took me a few seconds to understand why we were caring about updates for the iPhone 5 and 6...
I think it's worth linking the 12.4.9 page because it's impressive that the software update is available going all the way back to the iPhone 5s. That's some serious longevity.
The problem with these updates is that it's only for devices that can only support up to iOS 12 (in this case) - if you have another device that supports anything higher but don't want to upgrade to the latest iOS, you still won't get these iOS 12 security updates - they force you to upgrade the entire OS to get them.
Anybody get a bittersweet feeling whenever these reported and fixed security exploit announcements happen?
It's good that users aren't going to risk getting hacked by such vulnerabilities, but it's bad that users can no longer use these exploits to gain administrative control over their property.
Never mind right to repair, how about right to own...
The fact that you're even being downvoted for this shows just how far the authoritarian control-freaks have taken over and brainwashed everyone with paranoia to jump right into their jail.
Maybe I got hit with one of these, my phone stopped being able to answer phone calls and autofocus stopped working (like something reflashed the firmware on a bunch of the internal peripherals).
I was going to wait until the software on my pinephone was more mature but that pushed me over the edge to get power management working on my own and make sure it could make phone calls. I think dumping iOS has done a lot for my mental health and I'm glad to have left it.
Per PZ, the attacks here are targeted, meaning that the people exploiting them spent a fair bit of money to get these exploits, and are presumably very unhappy that they are burned. Unless you are special, it's unlikely that you got hit with one of these.
> I was going to wait until the software on my pinephone was more mature but that pushed me over the edge to get power management working on my own and make sure it could make phone calls.
I guess stress is personal, because this sounds way more stressful than anything I've had to deal with on iOS! And I say that as someone who'd like to get a more open (hardware and software) phone in the future.
alewi481|5 years ago
Y-bar|5 years ago
For example in mid 2017 it was still officially sold by Apple in India (source: https://www.iphonehacks.com/2017/05/apple-iphone-5s-iphone-s...).
als0|5 years ago
namanaggarwal|5 years ago
ponker|5 years ago
RotANobot|5 years ago
gcheong|5 years ago
PopsiclePete|5 years ago
tptacek|5 years ago
thatguy0900|5 years ago
dang|5 years ago
sneak|5 years ago
baby|5 years ago
patio11|5 years ago
1over137|5 years ago
heavyset_go|5 years ago
[1] https://arstechnica.com/information-technology/2019/09/for-t...
rozab|5 years ago
JumpCrisscross|5 years ago
Variables appear to be size of user base, average disposable income, mean time to patch and number of competing exploits in the market.
duxup|5 years ago
The article implies that before it was written that wasn't the case previously.
vxNsr|5 years ago
kogir|5 years ago
win32k|5 years ago
[deleted]
saagarjha|5 years ago
jamiehall|5 years ago
snazz|5 years ago
sebastien_b|5 years ago
olliej|5 years ago
hosteur|5 years ago
MrStonedOne|5 years ago
userbinator|5 years ago
snazz|5 years ago
beagle3|5 years ago
lern_too_spel|5 years ago
swiley|5 years ago
tptacek|5 years ago
asimilator|5 years ago