Apple Issues Urgent iPhone Update To Stop Spyware Attack
By 813 Staff

A critical security patch just landed for millions of iPhones and iPads that are years out of date. Apple has taken the unusual step of backporting a fix for a serious WebKit vulnerability, tracked as CVE-2023-43010, to older operating systems after confirming the flaw was being actively exploited in the wild. The update, released this week, extends to devices running iOS 15 and iPadOS 15, which Apple had ostensibly moved to a legacy support model. Internal documents show the decision to patch these older branches was driven by concrete threat intelligence, signaling the attacks were not merely theoretical. The original fix for this vulnerability, a type confusion issue that could lead to arbitrary code execution, was deployed to current OS versions back in September 2023.
The move is a stark admission that the user base on these older, unsupported platforms remains a significant target. Engineers close to the project say the backporting effort was not trivial, requiring dedicated resources to adapt the modern codebase fix for the older architecture without introducing new instability. This action underscores a shifting reality in mobile security: as long as a critical mass of devices remains active on older software, they present a collective risk that platform giants can no longer ignore. The report from The Hacker News (@TheHackersNews) highlighted that the flaw was being exploited, though Apple’s typically terse security notes did not detail the scope or origin of the attacks.
For users, the implications are clear. If you are holding onto an iPhone 6s, iPhone 7, or an older iPad model that caps out at iOS 15, you have a rare second chance. Installing this update is imperative, as these devices are now confirmed targets. The broader industry will watch this closely, as it sets a precedent for how long major vendors might be forced to maintain security support for legacy systems in the face of active, high-severity threats. The rollout has been anything but smooth for some, with scattered reports of installation issues on the oldest hardware, a reminder of the technical friction involved in such retroactive fixes.
What happens next revolves around pressure and precedent. Security researchers are now dissecting the backported fix to see if it reveals anything about the nature of the exploits used. The major uncertainty is whether this is a one-off emergency measure or the beginning of a more formal, extended security support policy for legacy Apple operating systems. Other vendors in the ecosystem, particularly in the Android space, will face renewed questions about their own support timelines. For now, Apple has drawn a new line in the sand, but whether it holds that line for the next critical vulnerability remains an open question.
Source: https://x.com/TheHackersNews/status/2032034374326370774

