For those who say Apple never updates software for old discontinued products:
The truth is, they will issue updates if the bug is severe enough.
2 Likes
I’ve a Six somewhere I’ll have to root out. Good to know.
My wife’s iPhone 6 is running iOS 12. xx, so Iooked for the update. All I found was an update to iOS 15.xx. That’s far too big a leap for the old phone. But no sign of iOS 12.5.7. How do I get this update?
As always, updates like that are only offered to devices that cannot install a higher iOS version. Since the 6 can run iOS 15, but not iOS 16, the 6 will only be offered the highest version of iOS 15. Apple stops signing anything older for that phone.
So iOS 12.5.7 is only available to, I think, the iPhone 5s. There are probably iPad models that can update to iPad is 12.5.7.
Not when the update involves an exploit that has been found in-the-wild, IMHO.
I don’t disagree with that. But I’m always curious I admit. “In the wild” gets thrown around as this big scare word and some kind of security catch-all to tell people to just finally do as they’re told.
But here, for this exploit specifically, has there ever been any report of actual damage incurred by a real user? Is this a potential threat or something that has actively been used to actually damage somebody?
1 Like
I have no more information than you do, but the fact that Apple updated such old versions of iOS is significant to me.
Apple usually does not update old system software. And it is well known that they don’t fix every CVE that is discovered - they sometimes decide that the security hole won’t have any practical impact on users and choose to not patch the code.
So the fact that they patched this, and patched it for devices that no longer have any support tells me that Apple considers it more serious than most security bugs.
It’s obvious how Apple feels about it, but that wasn’t the question.
I’m curious if there is documented damage that has resulted to one (or several) individuals from this exploit. Obviously, just because it’s not widely reported doesn’t mean it doesn’t happen. But if it has been reported, I’d be very curious to learn more.
Apple really never publishes anything beyond the basics. But this CVE received a severity score of 8.8 (out of 10, which would be the worst), so it’s considered pretty high severity.
1 Like
My main concern is will this update adversely affect the old phone’s performance. Previously I have updated computers upon Apple’s advice but ended up with a next to unusable computer. My wife has difficulties coping with a good phone, let alone a cranky one.
Interestingly, iOS 13 (and later) were noted for increasing performance, and IIRC older phones saw the most dramatic improvement. However, sometimes older phones have more battery drain with newer iOS releases. I know I ran my 6s on iOS 15 and it was never frustratingly slow.
Of course, once you update, there is no going back. But perhaps somebody who used an iPhone 6 can comment on the performance after iOS 12.
The phone in question is a 6s so I am heartened by your experience. I will upgrade it tonight. Thanks for the advice, I appreciate it.
Other than the previously sited reference to NIST posting on CVE-2022-42856, I have seen no specific reports of a user having suffered actual damage, nor if the reports indicated a particular group was targeted by the exploit (and I have been actively watching for same). Unless I learn otherwise, I’ll continue to assume the worst case and recommend an update.