back to article Apple patches all the iThings, including iOS 15 hole under attack right now

Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now. The actively exploited flaw, which is now patched on iOS and iPadOS 15, is in the WebKit engine: CVE- …

  1. Anonymous Coward
    Anonymous Coward

    I'll check.

    I still have an iPhone 6 around somewhere which I mainly use as audio recorder (still has the 3.5mm jack, don't like the fiddly 3.5mm to lightning tail to plug in a Rode Smartlav mic).

    Once I find it I'll see if it updates (as you can tell, I don't use it that often, it's buried somewhere with the audio gear as I now mainly use the Rode Go II. As it's 8 years old I think Apple can be forgiven for no longer providing updates, though, it has already had pretty much double the update lifespan of everyone else. Besides, all I use it for is the Rode reporter app and Wifi for transporting the resulting files and I'll keep doing that as long as the battery lasts and that is weirdly not gving any sign of retiring just yet. I think it's just being stubborn.

    Like its owner :).

    1. DS999 Silver badge

      Re: I'll check.

      A couple months ago Apple sent out a patch for iOS 12, which your 6 and the even older 5S can run - patching a 9 1/2 year old device! I think that's the WebKit patch they mentioned in the article that was related to this one.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'll check.

        Yes, I saw that come in. I have just unearthed it, it was hiding in a spare camera transport case.

        It had the update you mentioned already (as I apply these things usually when they come out on account of never really have come across an update that borked a phone) so it was running iOS 12.5.7.

        It appears there's no further update for it, so now you know :).

        I also realised why its battery lasts so long: I remembered it was one of the ones where Apple did something less kosher with battery management so they had to offer a free battery replacement. As far as I can tell they outdid themselves there, because that battery still reports 100% capacity and that's now at least 7 years ago, possibly because I've not used it that much.

        The later model 11 and 13 I have around are less well off with 84% and 95% capacity remaining respectively, but they see heavy daily use so I'm not surprised to see degradation there.

    2. -tim

      Re: I'll check.

      > As it's 8 years old I think Apple can be forgiven for no longer providing updates

      Why? It would take Apple a team of 5 engineers to provide critical security updates for everything they made since their G4 Mac days. Some times those patches would end up turning off features but they could keep the older equipment functional enough to not end up as landfill.

      Most countries have laws that say a product must be supported for a number of years based on its cost. Apple products tend to be in the category where those laws require a decade or two of support for critical problems.

  2. heyrick Silver badge

    Maybe time to consider...

    ...that a moving target like a browser ought to be updatable independently of the rest of the firmware?

    1. DS999 Silver badge

      Re: Maybe time to consider...

      Why? Apple can patch just the browser if they want - and that's what the patches for older versions were. It isn't going to make the process any faster if the browser could be patched outside an iOS update.

      The reason Google has to do it that way is because they have OEMs and carriers between them and customer phones, so the only way to guarantee patches will be delivered in a timely manner (or ever) is to push them out themselves. They can't do that for kernel or drivers, so for some classes of exploits you are screwed unless/until your carrier and OEM deliver the patch.

  3. Charlie Clark Silver badge

    Catalina users have been abandoned it seems

    Will we forever have to suffer with the random bug shit? Currently suffering from a bug that seems to be related to Safari's plugin mechanism. The system quickly becomes completely unusable and a hard restart is normally required. And yet you ask why I don't update to even more dumbed down (and therefore vulnerable) versions?

    1. Anonymous Coward
      Anonymous Coward

      Re: Catalina users have been abandoned it seems

      I'm guessing you also drive an old car because you don't trust them newfangled things like airbags and ABS..

      Not all discoveries are bugs - sometimes way too clever people find new ways to abuse facilities by doing things nobody thought of before. To stay with a car example - longlining the range of a car key with a bit of wire is something I didn't believe possible until I saw someone actually demonstrate it. Clever, and annoying at the same time..

      Things evolve. Sometimes it's worth evolving with them.

      1. Charlie Clark Silver badge

        Re: Catalina users have been abandoned it seems

        Actually, I don't have a car. But your comparison is nevertheless dreadful: if there is a problem with a car then the manufacturer is obliged to fix it: hence, the many recalls of various manufacturers over the years.

        That I'm not running the latest version of Apple's OS is for a reason: I can't remember the last major release that didn't take at least three point releases to be stable. Add to this the significant changes due to ARM and the integration of IOS code, and the motto "never fix a running system" springs to mind. More importantly, my backup machine (MBP 2016) is no longer supported by Apple so I need to keep both machines on the same version in case one goes down. And, much as I like Apple's hardware, I've had hardware issues with all the previous three models: batteries, USB daughterboards, fans, etc.

        I'm going to look at getting Open Core onto my backup machine.

      2. heyrick Silver badge

        Re: Catalina users have been abandoned it seems

        "longlining the range of a car key with a bit of wire"

        What does this mean? Asking Google just talks about fishing.

        1. Anonymous Coward
          Anonymous Coward

          Re: Catalina users have been abandoned it seems

          Take a few meters of wire (any cable will do).

          Walk away from car until it no longer reacts to the key remote.

          Roll out wire towards car from that point.

          Try again: you'll find it now opens. It's the cheap way to execute a relay attack to port the "I am here" key signal to the car vs. the "posh" way with transceivers.

          Now for the fun part: after you have recovered the wire and put it away, go back to the same spot. This time, hold your key against your head.

          That doesn't have quite the same range, but it works too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like