Hey just remember, Apple cares about your "privacy" and "security" more than anyone else. That's why iOS is locked down from those nasty people who would infect you if there was side loading.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PSA: Safari Security Flaw 'Actively Exploited,' Update Your Apple Devices Now
- Thread starter MacRumors
- Start date
- Sort by reaction score
One thing is old tech dying an eventual death, but another thing is it being deliberately bricked by the company that sold it to you because they won't allow you to install an update.
It doesn't effect any macOS user if they avoid riding the "privacy" and "security" high horse that is Safari.
I guess their iOS 15 upgrade numbers weren't good enough for the Sept 7th keynote, so they needed to scare more people into upgrading...
I don't always come up with conspiracy theories, but when I do, they turn out to be true 8 years later...
My first security conspiracy theory was three-letter agencies had infiltrated tech companies to ensure spying and take-over methods existed. And then we found out they did that for the Iranian nuclear program.
Then I said the encryption methods they tell us about were ones they already know how to crack.. and then we found out what's why NIST recommended the P-256 curve for EC encryption...
Then the conspiracy theory was they use the urgent security updates to introduce new vulnerabilities into our systems...
So at this point, I'm just trying to stay ahead of the revealed conspiracies, since the current conspiracies are always at least a step ahead of what we've found out about...
I don't always come up with conspiracy theories, but when I do, they turn out to be true 8 years later...
My first security conspiracy theory was three-letter agencies had infiltrated tech companies to ensure spying and take-over methods existed. And then we found out they did that for the Iranian nuclear program.
Then I said the encryption methods they tell us about were ones they already know how to crack.. and then we found out what's why NIST recommended the P-256 curve for EC encryption...
Then the conspiracy theory was they use the urgent security updates to introduce new vulnerabilities into our systems...
So at this point, I'm just trying to stay ahead of the revealed conspiracies, since the current conspiracies are always at least a step ahead of what we've found out about...
I'm amazed at how frantic the press has been about this one. I don't recall other actively exploited Safari bugs getting this kind of attention.
Yes you are right no body forcing them to buy just clever psychology game knowing you have no choice later stage…
Eg: you got iPhone 6, it is still working at the present however you cannot update to the latest iOS, obviously you want latest iOS and you have no choice but to buy new iPhone.
Lots of people still using older iPhone that’s what I’m saying it is Apple responsibility to keep things safe as possible.
White/Black hat can take advantage of older iOS and you have no idea what they gonna do.
what Apple gonna do about it?
Nope - you're SOL (at least that I'm aware of).
I was a holdout on Mojave for much the same reason but decided that the 32-bit programs that I have been using, were not as important as updating to protect against the potential ramifications of this exploit since I use Safari a lot (as well as FF).
Hence just upgraded to Catalina, the last OS that my ancient 2013 MBP can use...
I was a holdout on Mojave for much the same reason but decided that the 32-bit programs that I have been using, were not as important as updating to protect against the potential ramifications of this exploit since I use Safari a lot (as well as FF).
Hence just upgraded to Catalina, the last OS that my ancient 2013 MBP can use...
All this buzz has left me confused. 10 "Easy" Questions.
1. Apple's description makes it sound as if the issue is with Monterrey itself, not earlier Mac OSs.
Is that true?
2. Is Mojave at risk? Gobs of people are still using it, especially to run 32-bit apps. What are the odds that Apple will patch it and its version of Safari (or WebKit) to make it and its devices secure?
3. Is e-mail at risk? After all, it uses the Internet.
4. Does using Firefox solve the problem for web browsing?
Several have written that non-Safari browsers are not affected. How can we can be sure? Isn't the issue with Web Kit, which other some or many other browsers use, too?
Apple makes a pitch for upgrading to iOS 15.6.1. See below.
Several questions arise.
5. How does the 2016, 1st gen, iPhone SE fit into this? Is it an "iPhone 6s and later" phone? How would a mere mortal know that?
6. How well or poorly does iOS 15.6.1 run on a 2016 iPhone SE?
7. Does the vulnerability affect news apps?
I assume there's an issue using Safari to go to a news site, but what about running the apps themselves? For example, The New York Times or The Guardian apps?
8. Is Apple's Podcast app affected?
9. Whether on an iPhone, iPad, or Mac?
10. Does this mean that iPod Touches 6 and earlier really shouldn't use the Internet?
Apple has left millions in the dark on all this -- it's one thing to not want to reveal details of the security breaches, that's understandable, but it's quite another to sow confusion about which devices, computers, and OSs are vulnerable? And, whether it's a Safari, Internet, or general problem?
Maybe MacRumors could do a follow-up story, built around the questions, concerns, and points raised in this thread and elsewhere, and give us definitive answers!
That'd be a good public service, especially for the non-techies who make up a majority of Apple's users!
1. Apple's description makes it sound as if the issue is with Monterrey itself, not earlier Mac OSs.
"macOS Monterey 12.5.1
Released August 17, 2022
Kernel
Available for: macOS Monterey"
Yet, most everyone is responding as if ALL Macs need to be updated. See https://support.apple.com/en-us/HT201222Is that true?
2. Is Mojave at risk? Gobs of people are still using it, especially to run 32-bit apps. What are the odds that Apple will patch it and its version of Safari (or WebKit) to make it and its devices secure?
3. Is e-mail at risk? After all, it uses the Internet.
4. Does using Firefox solve the problem for web browsing?
Several have written that non-Safari browsers are not affected. How can we can be sure? Isn't the issue with Web Kit, which other some or many other browsers use, too?
Apple makes a pitch for upgrading to iOS 15.6.1. See below.
| iOS 15.6.1 and iPadOS 15.6.1 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) | 17 Aug 2022 |
Several questions arise.
5. How does the 2016, 1st gen, iPhone SE fit into this? Is it an "iPhone 6s and later" phone? How would a mere mortal know that?
6. How well or poorly does iOS 15.6.1 run on a 2016 iPhone SE?
7. Does the vulnerability affect news apps?
I assume there's an issue using Safari to go to a news site, but what about running the apps themselves? For example, The New York Times or The Guardian apps?
8. Is Apple's Podcast app affected?
9. Whether on an iPhone, iPad, or Mac?
10. Does this mean that iPod Touches 6 and earlier really shouldn't use the Internet?
Apple has left millions in the dark on all this -- it's one thing to not want to reveal details of the security breaches, that's understandable, but it's quite another to sow confusion about which devices, computers, and OSs are vulnerable? And, whether it's a Safari, Internet, or general problem?
Maybe MacRumors could do a follow-up story, built around the questions, concerns, and points raised in this thread and elsewhere, and give us definitive answers!
That'd be a good public service, especially for the non-techies who make up a majority of Apple's users!
The tech in the mobile phone market is not as long-lived as desktops. Even desktops at some point in time fall out of the ability to update software. Don't know how long android is supported. For example android phones released in 2016 such as the note 4 or experia z3...do these phones receive security patches?
It's a possibility that with ios 16 ability to deliver security patches, ios 16 and the hardware that it supports, may have a longer life. However, at this point it seems hardware and updates are limited to about 7 years on ios.
I really have to look into this Ubuntu more, I remember when it first came out, just never looked into it, but I got older devices now, they could use it.
You can't make this stuff up!
“One is something called ‘The Colonel,’” he said. “Think about The Colonel as the heart and brains of every Apple device – that a fundamental flaw in it could allow any external attacker, used by a nation-state intelligence agency, the ability to access your entire device.”
Quoted from:
finance.yahoo.com
“One is something called ‘The Colonel,’” he said. “Think about The Colonel as the heart and brains of every Apple device – that a fundamental flaw in it could allow any external attacker, used by a nation-state intelligence agency, the ability to access your entire device.”
Quoted from:
Security expert: You should update your Apple devices 'immediately'
It’s time to update your Apple (AAPL) devices – and do it now, according to BlackCloak CEO Chris Pierson (video above).
If a company develop operating system for any devices - it's important to patch up security for all versions - lots of people still using from old to present version.
I know lots of company do run older windows and Mac OS because they run on custom applications - it will cost them lots of money to re-update the whole things...Why waste money if things work for years to come? Tech keep changing all the times but serve no practical purpose just faster CPU or sometime software slow down.
The above is a strawman.
Didn’t address the important question of android. Android used to be 2 years support at the time apple was 5. What is the benchmark in the mobile phone market.
Go ahead and recycle it. Facts are apple both locked you out of it and ends support on old things. Personally I'd like them to release the keys so you can jailbreak and attempt the open source support path but I don't see that happening for a variety of reasons. Biggest one would be the device driver blobs.
Still waiting for some love for my perfectly good iPad Air that is susceptible to this bug and unable to update past iOS 12.5
If Apple carry on like this, I can seriously see a day when the company gets broken up by the US gov or the EU. I'm fortunate enough to be able to replace my devices periodically, but it strikes me that there must be many people not so lucky who are in a precarious state when they do something as innocuous as browse the internet.
There was a time when Microsoft was very nearly broken up because they were playing silly buggers, being the owners of the dominant operating system and office product suite. You could only install Office on a Microsoft OS. MS eventually learned the errors of their ways and avoided being broken up by making Office available for other platforms, breaking the strong tie between OS and apps.
In my opinion there's something to be said for having an Apple hardware division that continues to make new innovative products. But maybe split off the software division as a separate business entity. Don't provide the OS and apps for nothing: charge for it and charge for updates. There would then be an inducement to support perfectly good hardware like yours for much much longer.
The software company would have to convince itself that they would make enough of money developing updates for older devices to make a profit. At some point even they would likely decide that the time needed to develop an update for an iPhone 4 isn't worth it. My impression is that people who can afford an iPhone in the first place would be able to trade up every few years. Those who can't will have to go Android.
Recyling devices isn't the answer. The answer is longer support cycles which reduce how often a new device has be made - the most environmentally damaging part of a device's lifecycle is the production, and if the frequency this needs to occur per user is reduced, each user has less of an environmental impact.
Good questions.All this buzz has left me confused. 10 "Easy" Questions.
1. Apple's description makes it sound as if the issue is with Monterrey itself, not earlier Mac OSs.
"macOS Monterey 12.5.1Released August 17, 2022KernelAvailable for: macOS Monterey"Yet, most everyone is responding as if ALL Macs need to be updated. See https://support.apple.com/en-us/HT201222
Is that true?
2. Is Mojave at risk? Gobs of people are still using it, especially to run 32-bit apps. What are the odds that Apple will patch it and its version of Safari (or WebKit) to make it and its devices secure?
3. Is e-mail at risk? After all, it uses the Internet.
4. Does using Firefox solve the problem for web browsing?
Several have written that non-Safari browsers are not affected. How can we can be sure? Isn't the issue with Web Kit, which other some or many other browsers use, too?
Apple makes a pitch for upgrading to iOS 15.6.1. See below.
iOS 15.6.1 and iPadOS 15.6.1 iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) 17 Aug 2022
Several questions arise.
5. How does the 2016, 1st gen, iPhone SE fit into this? Is it an "iPhone 6s and later" phone? How would a mere mortal know that?
6. How well or poorly does iOS 15.6.1 run on a 2016 iPhone SE?
7. Does the vulnerability affect news apps?
I assume there's an issue using Safari to go to a news site, but what about running the apps themselves? For example, The New York Times or The Guardian apps?
8. Is Apple's Podcast app affected?
9. Whether on an iPhone, iPad, or Mac?
10. Does this mean that iPod Touches 6 and earlier really shouldn't use the Internet?
Apple has left millions in the dark on all this -- it's one thing to not want to reveal details of the security breaches, that's understandable, but it's quite another to sow confusion about which devices, computers, and OSs are vulnerable? And, whether it's a Safari, Internet, or general problem?
Maybe MacRumors could do a follow-up story, built around the questions, concerns, and points raised in this thread and elsewhere, and give us definitive answers!
That'd be a good public service, especially for the non-techies who make up a majority of Apple's users!
I'm concerned about Mojave because it's the last "official" Mac operating system for my upgraded 2010 Mac Pro. My machine continues to work just fine while I wait for the Apple Silicon Mac Pro, but its operating system needs a little help from Apple to keep it secure while I wait.
When I moved all of my business and family devices to Apple a dozen years ago, privacy and security were important factors. They still are, and I've happily paid Apple's premium margins on the many products I've purchased from them because I believed they understood this and would always act accordingly.
If Apple "orphans" my Mojave Mac Pro, just months before the Apple Silicon Pro is available, it will send a clear message that my commitment to the Apple ecosystem was misplaced. If that's the case, it's fine and I'll live, but it will also be fine for me to explore other options for my computer purchases going forward.
I explained this to Tim Cook in a polite note to his public email at tcook@apple.com. If you have similar concerns, it might be good to send Tim an email, before the short-sighted bean counters screw this up beyond all recognition.