←back to thread

About the security content of iOS 15.8.5 and iPadOS 15.8.5

(support.apple.com)
328 points jerlam | 1 comments | 17 Sep 25 00:34 UTC | HN request time: 0s | source
Show context
alexchantavy ◴[17 Sep 25 02:02 UTC] No.45270697[source]
Bunch of negativity on Apple UI recently, but you gotta give Apple credit for supporting really old phones. Google Pixel, forget about it lol
replies(5): >>45270867 #>>45271018 #>>45271120 #>>45271329 #>>45274018 #
edgineer ◴[17 Sep 25 02:44 UTC] No.45271018[source]
My Pixel XL here works great for scrolling at night. I'm skeptical of the "no more system updates" boogeyman; I'd love some case studies or anecdotes about the real-world threats that using an old devices exposes me to.
replies(3): >>45271529 #>>45271980 #>>45273902 #
1. jeroenhd ◴[17 Sep 25 10:10 UTC] No.45273902[source]
Realistically, your malware exposure risk has three parts:

- The apps you run get exploited and your outdated OS can't protect you - An app you install exploits your OS - Someone attacks a system component and exploits your OS

The first risk can be mitigated mostly by just updating your browser/email client/webview engine/etc, which Google supports long past an OS version's lifetime. Android apps typically get updated for five or six versions behind the latest one.

The second attack vector is always a risk (0days do exist), but probably won't harm you if you have a set of trusted apps. There's always the risk of a supply chain attack, but I haven't heard of that in practice outside of cracked apps or that shitty spamware you find on Google Play.

The third vector probably won't affect you either because most system components aren't directly exposed. iOS has a history of getting exploited through simple MMS messages but on Android those processes are harder to exploit (and can often be updated years later through Google Play if you use the Google ones).

There was a huge flaw in Google's Bluetooth stack which pretty much allowed RCE on any phone with Bluetooth enabled. If your phone hasn't been patched against that, you have to be careful about leaving Bluetooth oh. Same goes for WiFi, but those bugs are harder to exploit.

There's a risk, but in practice millions to billions of people use outdated Android versions and malware strains abusing that fact aren't very common, especially not if you don't install weird third party apps from shady sources.

Part of the challenge of exploiting Android devices in practice is that there are endless combinations of firmware versions+device models+system app versions+kernels. iOS, on the other hand, generally has a handful of models, often running predictable software stacks because of Apple's decent track record when it comes to software updates.

Android exploitations does exist: various spyware companies use remote attack vectors, including WhatsApp or MMS like on iOS, to deploy targeted exploit chains to their victims. In practice, that's a risk to journalists, human rights activists, and other people The Government Doesn't Like Very Much (any government, really). Outdated phones are also easily dumped by law enforcement, so if you do anything that could be considered illegal, better not take your phone across international borders.