Might as well say it since nobody else commented about it, but modem/soc vendors are huge limiting factor on longterm android support. Qualcomm maintains these updates for only a few years, basically nothing earlier than around 2020-2021 gets kernel driver or modem updates.
Of course it's still up to phone manufacturer to integrate these changes, but it puts an effective security support timeline on even 3rd party ROM's like lineageos. They can cherrypick, but it's not as secure once that support ends.
Apple has almost everything in-house (except until recently, modems). So they have a ton of flexibility in continuing to provide updates.
Not surprised. I met with Samsung for work purposes to buy hundreds of phone, and the best they could do with their flagship phones was offer 3 years of security updates. This was around 2019. Apple, who didn't meet with us, was around 6 years from our estimate.
From a ROI, for corporate phones, Apple iPhones had a longer lifespan, which is why we bought hundreds of iPhones, and not Androids.
On a personal note, I had the Nexus S, the Nexus 5, and they all died a horrible death either from lack of updates, or just having the physical button break, and the microphone stop working.
And let us not speak of Sony Xperia Z5, which all of sudden removed their fingerprint sensor due to a North American patent problem. They also broke their bluetooth audio so that song names STOPPED being displayed. That was all in a span of less than 3 years.
Never again Sony Android phones.
At that point, I got fed up of custom ROMS and joined the "iPhone, it just works" group and moved on.
It's interesting Apple is doing this specifically to protect old devices from seemingly nation state sponsored attacks:
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?
Headline is slightly misleading. It implies that the update is only available on the 6s, when in reality it's available for:
> iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
That's a lot of devices, more so than "10-year old iPhone 6s" implies.
I won't be upgrading my iPhone 7 and 4th gen iPad mini, because I don't want to take the chance that the update needs an update to Dopamine to be jailbroken. Fortunately they're secondary devices for me.
This reeks in all possible ways of nation state activity.
Apple does support their phones for some time. But note that 10 years is only if you bought the iPhone 6s when it was new and at its most expensive. The iPhone 7 (Plus) wasn't discontinued until 2019 and is on the same iOS version. So it got something like 3 years of OS upgrades (impacting app support) and 6 years of security upgrades in the worst scenario.
It’s great that they made an update.
It’s not clear to me if this can result in a RCE. If it does, then does this mean that enough iPhone 6s are still out in the wild where a bad actor could easily take over a big enough portion to do more nefarious things?
"iOS 18.6.1 0-click RCE POC", 50 comments, https://news.ycombinator.com/item?id=45019671
Cudos to Apple for those updates.
Although I'm not sure that people who are running an OS/device that ancient are the ones that are going to upgrade or even know what an upgrade is.
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
This doesn't really mean much on account of the iOS ecosystem only supporting the latest two OS versions in their apps as a general rule. Once you are behind 2 versions, your device becomes quite useless at that point
Kudos to Apple but are they going to update iPhone 8 firmware too? Think it’s been over a year since the final release. (Surely security vulnerabilities have been discovered since then!!)
I wish they would do the same for iOS 17, instead of forcing users to upgrade to iOS 18. A bunch of superfluous works and many of them even erroneous. Alarm clock for example: if you didn't allow it to snooze, pressing on the power button will snooze it, but without the possibility to turn it off easily. Why on earth would somebody rewrite the alarm clock?!
I'm no Apple fanboi--quite the opposite. But I take a note of this act and tip my hat, considering how Android OEMs have been pumping out abandonwares.
honestly this is incredible, though i'm not sure how the android space is catching up? apparently google and samsung have been promising 5/6 years of software updates recently as well
[dead]
[dead]
[dead]
[flagged]
Well, good. The moment they stop, it's declared E-waste and Apple suggests you give it to them for free.
Fucked-up world we live in where a disposable vape can be reused for more purposes than an iPhone with expired software support.
Well you need to protect the store. This sounds like something useful to root a device.
If Apple followed Security Development Lifecycle (SDL) well, the update should not be here.
Bunch of negativity on Apple UI recently, but you gotta give Apple credit for supporting really old phones. Google Pixel, forget about it lol