31 comments

[ 3.0 ms ] story [ 102 ms ] thread
No love for devices stuck on ios 15? Yes, it's technically out of support, but less than two weeks ago apple released 15.7.1 which is a security patch.
Should still be supported for security updates, maybe it'll be released in a couple of days.
they release some security updates for older phones and oses

they probably do it in a best effort basis and some fixes are skipped when it's too much work to backport.

That’s not what that says. Apple does not commit to updating older versions for EVERYTHING. That does not mean they don’t patch them at all - here’s the official verbiage:

“Upgrades are released much less frequently than updates, and can take a while to install because of their large size. Also, older devices may not be eligible for upgrades because they don’t have the space or power to support the new software.

Note: Because of dependency on architecture and system changes to any current version of macOS (for example, macOS 13), not all known security issues are addressed in previous versions (for example, macOS 12).”

This matches what we’ve seen before where many updates come out for older versions but they’re not making Red Hat-style efforts to back port patches for ages rather then pushing people to make major upgrades.

They are still maintaining iOS 12...

https://support.apple.com/en-us/HT213428

    Published Date: August 31, 2022
IIRC iOS 12 is a special case for a specific device set.
Do you have any details on why this is the case, thats super interesting.
A bunch of devices lost support with iOS 13. I don't remember offhand but a quick search shows that the iPod Touch 6th Gen was discontinued the latest of the iOS 12 supported devices. It was sold through mid 2019. So I think that's why.
One would have to do a careful analysis whether iOS 12.x really gets all the security love it requires. Last time I checked (probably 1-2 years ago) the iPhone 5s (a backup smartphone I used) missed security updates.
Is ios 15 vulnerable? I assume it is, but I can't find a good answer.
Yes, iOS 15 is vulnerable to these and probably others.
Everything is probably vulnerable to other vulnerabilities...
Why are core iOS libraries susceptible to integer overflow vulnerabilities?

This seems like a more important issue to address than simply fixing this one instance where it was found.

Because it's just like any other open-source library written in an unsafe language.
With how much money Apple has and how much they promote security. It's quite shocking how we see a major preventable vulnerability come out pretty much every single month.

Some credit to them for fixing these things and rolling out the fixes quickly, but at some point we have to question why iOS needs urgent security patches constantly. And you know that all the large governments have troves of these iOS bugs sitting unreported.

There is a Silver Bullet — and here it is.
Because there is the myth of the perfect C coder, and then there is the hard reality.
Correction: Because it's just like any other library written in an unsafe language.
Question:

- Anyone having any issues with charging their iPad Pro 11/12 <<gen>> after upgrading to 16.1?

My ipad pro 2021 is charging fine after update.
Looks like there’s an issue with a chip on my mobo of the iPad. Womp womp womp
Thank you, Apple friends! You’ve made the world a better place, and I salute your subtle bug-fixing acumen. These can’t have been easy to find, and you have my completely unironic gratitude.

(I know this sounds extremely corny, but someone should say it.)

I note that Debian fixed these a few days earlier. Based on the commits/issues up-thread it sounds like these were embargoed for a while, so I wonder why the difference in release dates between Debian and Apple.

https://www.debian.org/security/2022/dsa-5271

Seems odd that the macOS update for libxml is 600MB and requires a reboot, not to mention that it requires a reboot on macOS ace Ventura - which was toted as not needing reboots for most security updates.