328 points jerlam | 1 comments
sunrunner No.45270286
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?

1. altairprime No.45270299
No specific timeframe is defined, but they tend to release things that matter really far back — like, the Apple CA certificate expiration update went out a few years ago to basically the entire deployed Square terminal iPad userbase, etc. I expect it’s driven by telemetry and threat model both. Presumably the cutoff is wherever the telemetry ceases!