No love for devices stuck on ios 15? Yes, it's technically out of support, but less than two weeks ago apple released 15.7.1 which is a security patch.
That’s not what that says. Apple does not commit to updating older versions for EVERYTHING. That does not mean they don’t patch them at all - here’s the official verbiage:
“Upgrades are released much less frequently than updates, and can take a while to install because of their large size. Also, older devices may not be eligible for upgrades because they don’t have the space or power to support the new software.
Note: Because of dependency on architecture and system changes to any current version of macOS (for example, macOS 13), not all known security issues are addressed in previous versions (for example, macOS 12).”
This matches what we’ve seen before where many updates come out for older versions but they’re not making Red Hat-style efforts to back port patches for ages rather then pushing people to make major upgrades.
A bunch of devices lost support with iOS 13. I don't remember offhand but a quick search shows that the iPod Touch 6th Gen was discontinued the latest of the iOS 12 supported devices. It was sold through mid 2019. So I think that's why.
One would have to do a careful analysis whether iOS 12.x really gets all the security love it requires. Last time I checked (probably 1-2 years ago) the iPhone 5s (a backup smartphone I used) missed security updates.
With how much money Apple has and how much they promote security. It's quite shocking how we see a major preventable vulnerability come out pretty much every single month.
Some credit to them for fixing these things and rolling out the fixes quickly, but at some point we have to question why iOS needs urgent security patches constantly. And you know that all the large governments have troves of these iOS bugs sitting unreported.
Thank you, Apple friends! You’ve made the world a better place, and I salute your subtle bug-fixing acumen. These can’t have been easy to find, and you have my completely unironic gratitude.
(I know this sounds extremely corny, but someone should say it.)
I note that Debian fixed these a few days earlier. Based on the commits/issues up-thread it sounds like these were embargoed for a while, so I wonder why the difference in release dates between Debian and Apple.
Seems odd that the macOS update for libxml is 600MB and requires a reboot, not to mention that it requires a reboot on macOS ace Ventura - which was toted as not needing reboots for most security updates.
31 comments
[ 3.0 ms ] story [ 102 ms ] threadCVE-2022-40304: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433...
https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
https://gitlab.gnome.org/GNOME/libxml2/-/issues/401
really great darknet interview too!!! thanks for your amazing work
they probably do it in a best effort basis and some fixes are skipped when it's too much work to backport.
“Upgrades are released much less frequently than updates, and can take a while to install because of their large size. Also, older devices may not be eligible for upgrades because they don’t have the space or power to support the new software.
Note: Because of dependency on architecture and system changes to any current version of macOS (for example, macOS 13), not all known security issues are addressed in previous versions (for example, macOS 12).”
This matches what we’ve seen before where many updates come out for older versions but they’re not making Red Hat-style efforts to back port patches for ages rather then pushing people to make major upgrades.
https://support.apple.com/en-us/HT213428
This seems like a more important issue to address than simply fixing this one instance where it was found.
Some credit to them for fixing these things and rolling out the fixes quickly, but at some point we have to question why iOS needs urgent security patches constantly. And you know that all the large governments have troves of these iOS bugs sitting unreported.
- Anyone having any issues with charging their iPad Pro 11/12 <<gen>> after upgrading to 16.1?
(I know this sounds extremely corny, but someone should say it.)
https://www.debian.org/security/2022/dsa-5271