Your Old iPhone Is Now A Major Security Risk, Apple Confirms
By 813 Staff
Industry analysts are weighing in on the report "Your Old iPhone Is Now A Major Security Risk, Apple Confirms," from The Hacker News (@TheHackersNews) in the last 24 hours.
Source: https://x.com/TheHackersNews/status/2034862362805903370
A Cupertino engineer, speaking on background, described the internal alert as a "mass unpatching event." The stark reality is now public: Apple has formally warned that a significant number of iPhones and iPads, left on outdated versions of iOS and iPadOS, are now vulnerable to a wave of actively exploited security flaws with no fix coming. According to the report by The Hacker News (@TheHackersNews), the devices affected are those unable to upgrade beyond iOS 15.8 or iPadOS 15.8, including the iPhone 6s, iPhone 7, the original iPhone SE, and several older iPad models. These devices, which fell off the mainstream support list in late 2023, have now reached what Apple internally calls "security support sunset."
Internal documents show that the decision to end security updates for these models was planned, but the rapid emergence of multiple critical vulnerabilities being chained together in the wild has accelerated the risk. Engineers close to the project say the underlying architecture of these older devices makes patching the newly discovered flaws in their proprietary code libraries prohibitively difficult, if not impossible, without a full operating system overhaul the hardware cannot support. The vulnerabilities, reportedly involving memory corruption issues in the kernel and WebKit, could allow for arbitrary code execution, effectively letting attackers take full control of a device simply by having a user visit a compromised website.
For users, this isn't a theoretical threat. Security researchers have confirmed evidence of limited, targeted attacks using these exploits, and the public warning from Apple is a clear signal that mass-scale exploitation is imminent or already beginning. The impact is immediate and severe: an iPhone 7 running the latest update available to it is now permanently exposed. These devices, many still in active use as secondary phones or handed down to children, have become untethered from the security ecosystem that defines the Apple brand.
What happens next is a logistical and reputational challenge for Apple. The company is expected to intensify its push for these users to upgrade hardware, potentially through targeted trade-in offers. However, the rollout of this warning has been anything but smooth, with many affected customers unaware their device has entered a permanently vulnerable state. The uncertainty lies in the scale of the user base remaining on these versions and the speed with which malicious actors will weaponize the now-public knowledge of these un-patchable holes. For cybersecurity teams, the directive is unequivocal: these devices must now be considered compromised and removed from any enterprise or sensitive personal use.

