How many years is the oldest iPhone & iPad fully supported by Apple today?

Post by Wally J
This is an important question given iOS has the shortest full support
lifecycle of all common consumer operating systems, including Android.
*Apple fully supports only a _single_ operating-system major version*
That means, as of today, an iPhone 8, for example, is toast from a security
standpoint (which is why iOS has the most exploits of all mobile systems!).
Of the few iPhones & iPads which are still fully supported on iOS 17...
*How old are they?*
HINT: The iPhone XR, shipped in October 2018 is only five years old.
DOUBLEHINT: The iPhone 8 shipped in September 2017 is only six years old.
Think about _why_ I ask given iKooks lied for years about Apple support.

No one has lied about it except YOU, Arlen

Dorper

2023-09-27 23:52:37 UTC

Post by Wally J
which is why iOS has the most exploits of all mobile systems!

This is not true. There was typically a single vulnerability per version that
will allow for root access on an iPhone. These were typically used for
jailbreaking and usually required a connection to a computer and physical
access to the device. There isn't any exploit available for iOS 15 or 16 on
devices newer than A11 (because there is a boot exploit on earlier versions,
which is similar to unlocking a bootloader on an Android device). Of course
none of this can compare to BlackBerry 10's record of zero exploits from
release to discontinuation. There remains no way to gain root access on a
BlackBerry 10 device.

Wally J

2023-09-28 00:17:16 UTC

Post by Wally J
which is why iOS has the most exploits of all mobile systems!

For the past three years iOS has had double & triple the zero-day bugs,
but we're talking here about active exploits in the wild, right?

None of which are ever found by the incompetent Apple QA engineering team.
(Some of which are found twice! Yup. Apple doesn't institute any checks!)

Everyone who knows anything about Apple knows they're incompetent at
software QA - haven't you seen the published internal emails about it?

Just look at the astoundingly huge number of iOS *active exploits*!
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

The reason is partly because Apple summarily drops full patch support the
instant the next release of iOS or macOS ships. Apple support sucks.

*Tick. Tock. Dead. Gone.*
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

Any iPhone that can't install iOS 17 is likely already filled with exploits
and definitely it will never be patched with all Apple's known patches.
<https://screenrant.com/apple-product-security-update-lifespan/
<https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/

It's important to note that no other operating system vendor of a common
consumer operating system has a support policy that atrocious. Only Apple!

RabidPedagog

2023-09-28 00:17:34 UTC

Post by Wally J
which is why iOS has the most exploits of all mobile systems!

I enjoyed my Z10 for as long as I had it. It tried to give its users an
Apple-like experience but failed. Security was admittedly spectacular
though, as was the fact that users could easily change the battery or
expand storage. In fact, I was able to get a double-size battery to
extend the life of the thing since it wasn't too power efficient.

--
RabidPedagog
TG: @RabidPedagog
Galatians 6:7

Dorper

2023-09-28 03:09:11 UTC

Post by RabidPedagog
I enjoyed my Z10 for as long as I had it. It tried to give its users an
Apple-like experience but failed. Security was admittedly spectacular
though, as was the fact that users could easily change the battery or
expand storage. In fact, I was able to get a double-size battery to
extend the life of the thing since it wasn't too power efficient.

BB10 also had spectacular multitasking functionality. In fact, many of the
multitasking gestures on iOS are the same as on BB10.

Post by RabidPedagog
For the past three years iOS has had double& triple the zero-day bugs,
but we're talking here about active exploits in the wild, right? Of which most are minor. If they were major bugs then we would have a jailbreak, which we

don't. A major bug is one that grants root access.

Post by RabidPedagog
Just look at the astoundingly huge number of iOS *active exploits*!
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> Ah yes NVD/CVE, well known for not giving ridiculously high scores to minor bugs

<https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-
wrong-with-cves/>
(An already fixed bug in cURL causes a retry-delay of around 2^64/1000 to
wait a few seconds instead of the expected time until the heat death of the
universe. This "bug" is apparently worthy of a 9.8 rating for some reason)

Post by RabidPedagog
The reason is partly because Apple summarily drops full patch support the
instant the next release of iOS or macOS ships. Apple support sucks. This is false. Apple supports iOS 15, 16, 17 and macOS 11, 12, 13, and 14. Having only

two years of support sounds like it sucks (it does) but that is what most
companies do now. Microsoft only supported Windows 10 21H2 for two years.
Rapid (but not rolling) release is now seen as a better marketing strategy
than releasing a new OS every 3-6 years like Microsoft and then supporting it
for 10 years (to be fair to Microsoft, they will continue to support Windows
10 until2025, a total of 11 years)
With the SaaS business model, not anymore. Microsoft (didn't) sell hardware
so the business model was making sure Windows runs on literally any computer.
Which is why Windows 10 will "run" on a Pentium 4. Apple sells hardware on
the other hand and will support their computers with updates for 8 years. An
issue is that Apple doesn't have a vested interest in ensuring older devices
can run the latest software, but 8 years is pretty good. iPhones have a
shorter support window of 6 years. In my experience, Android phones don't get
major support for 6 years and it is up to the manufacturer and for some
reason your carrier to put out updates. At least you aren't forced to pay for
security updates!

Post by RabidPedagog
It's important to note that no other operating system vendor of a common
consumer operating system has a support policy that atrocious. Only Apple!

Oracle and RedHat. ArcaOS but nobody has heard of that. $200 for a year of
updates.

Post by RabidPedagog
Any iPhone that can't install iOS 17 is likely already filled with exploits
Note: Because of dependency on architecture and system changes to any current version of Apple operating systems (for example, macOS 13, iOS 16 and so on),

not all known security issues are addressed in previous versions (for
example, macOS 12, iOS 15 and so on).
However Apple does appear to fixing security issues in previous versions
based on CVE details.

Wally J

2023-09-29 04:38:01 UTC

Post by Dorper
However Apple does appear to fixing security issues in previous versions
based on CVE details.

Don't be fooled...

According to the gov, there is no smartphone OS more exploited than is iOS.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

The reason is most likely the primitive monolithic update mechanism that
only Apple uses (no other operating system uses Apple's primitive method).

Due to the primitive update mechanism only Apple employs, zero-day bugs
last far longer in Apple operating system than in Android for example.

That's gives bad actors tremendously more time to exploit Apple systems.
Plus, the fact Apple summarily drops full OS support every year helps them.
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

Security professionals have been well aware of the atrocious Apple support
mechanism but it was only this year Apple was forced to publicly admit it.
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>
<https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>
<https://screenrant.com/apple-product-security-update-lifespan/>

--
My goal on the child-like Apple newsgroups is to spread the truth about
Apple (and to show ignorant low-IQ uneducated iKooks for what they are).

Dorper

2023-09-29 05:01:39 UTC

Post by Dorper
However Apple does appear to fixing security issues in previous versions
based on CVE details.

Don't be fooled...
According to the gov, there is no smartphone OS more exploited than is iOS.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

CISA NVD is a mirror of The MITRE Corporation's CVE system, which is flawed.
And you don't understand how different operating systems are packaged.

The Android base distribution (not including any OEM added stock apps, only
AOSP) has had 2593 CVEs in the last 10 years.
https://www.cvedetails.com/product/19997/Google-Android.html?vendor_id=1224

I am not sure if this includes the Linux Kernel but if it doesn't you will
have to add around a 1000 more vulnerabilities.

Compare to iOS (including stock apps) CVE count which is 2156.
https://www.cvedetails.com/product/15556/Apple-Iphone-Os.html?vendor_id=49

Last time I checked, 2593 is a bigger number than 2156. So using your own
(flawed) source, the NVD, we can see that you are wrong. Not like CVE count
actually means anything; like most of the "security" industry it is overhyped
nonsense.

Post by Wally J
Due to the primitive update mechanism only Apple employs, zero-day bugs last far longer in Apple operating system than in Android for example.

Windows employs the same update strategy.
https://www.catalog.update.microsoft.com/Search.aspx?q=windows+10

macOS used to have updates in the App Store but this was moved to the
Settings app.
Android uses Linux, a monolithic kernel. Modules typically are incompatible
between versions of Linux due to there not being a stable ABI. Android
appears to update the kernel all at once.
https://source.android.com/docs/core/architecture/kernel/releases

And the iOS security sandbox model makes it so a compromised app will not be
able to screw up the entire rest of your system, like it is so in Android.

Wally J

2023-09-29 05:32:22 UTC

Post by Wally J
According to the gov, there is no smartphone OS more exploited than is iOS.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

CISA NVD is a mirror of The MITRE Corporation's CVE system, which is flawed.
And you don't understand how different operating systems are packaged.

It's good that you're thinking - which means there's a possibility of
learning but first we have to equilibrate our knowledge to a common ground.

You can't seriously claim, sans a single slice of evidence, that I don't
understand that iOS is packaged as a monolith (yes, a delta is applied to
each & every user but the release is built and tested as a monolith).

To be clear, you may not even be aware that only in iOS 16 did iOS _begin_
to break down that primitive monolith - which I'm not sure you're aware of.

*About Rapid Security Responses - only available in iOS 16 and up*
<https://support.apple.com/en-us/HT201224>

The RSR aside, the primitive release process only Apple employs is very
likely the fundamental reason why iOS has not only the most zero-day holes
(by far!) but also the most _exploited_ vulnerabilities (ten times more!).

Post by Wally J
Due to the primitive update mechanism only Apple employs, zero-day bugs
last far longer in Apple operating system than in Android for example.

Windows employs the same update strategy.
https://www.catalog.update.microsoft.com/Search.aspx?q=windows+10

You can't seriously claim, sans a shred of evidence, that Windows is a
monolith like iOS is a monolith since Microsoft does NOT update
Windows as the primitive stone-age monolithic package that Apple uses.

How do most Windows users get their updated drivers, for example?
*You do know they don't generally come from Microsoft, right?*

Where do you think the iOS drivers come from?

Quite different from Apple's monolithic update mechanism, Android has
Project Treble with Qualcomm where the drivers are asynchronously
updated irrespective of the carrier and the Android release process.
<https://www.qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and>

Likewise, are you aware how major applications on Windows and Android
update? Again, nothing like that of the primitive monolithic method Apple
uses.

You can't be oblivious that with Apple - it's everything - or nothing.
With every other operating system - the updates are in many layers.

With iOS, you instantly lose full support the moment a next release ships!
*Distinguishing software updates from upgrades*
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

It's fine that Apple uses a stone-age primitive update mechanism - which is
Apple's prerogative - but it's the main reason iOS has the most zero day
holes and even more importantly the most exploited zero-day holes.

By far.

Post by Dorper
And the iOS security sandbox model makes it so a compromised app will not be
able to screw up the entire rest of your system, like it is so in Android.

WTF? You've never heard of the many zero-click zero-day exploits of iOS?
Are you serious?

Again, we have to get to common ground which is you can't discount that
on average, iOS has had one a month (sometimes two or three!) for years!

*You can't just ignore that iOS has been extremely insecure* (for years!)

Look it up before you respond please as the major problem outlined here is
that the primitive stone-age update mechanism that only Apple employs is
the main reason iOS not only has the most zero day holes (by far), very
many of which are also zero-click vulnerabilities... but this primitive
update mechanism is also why iOS has very many times the zero-click
_exploits_ that are already abused by malevolent actors in the wild.

--
My role is the truth about Apple products and to expose the iKooks too.

candycanearter07

2023-09-29 05:49:09 UTC

Post by Wally J
To be clear, you may not even be aware that only in iOS 16 did iOS _begin_
to break down that primitive monolith - which I'm not sure you're aware of.
*About Rapid Security Responses - only available in iOS 16 and up*
<https://support.apple.com/en-us/HT201224>

Wait, they're *that* recent?

Post by Dorper
Windows employs the same update strategy.
https://www.catalog.update.microsoft.com/Search.aspx?q=windows+10

Plus they have a better security update policy.

Post by Wally J
How do most Windows users get their updated drivers, for example?
*You do know they don't generally come from Microsoft, right?*
Where do you think the iOS drivers come from?

To be fair, Apple is the only company making iOS compatible devices.
Still is frustrating they don't separate the updates, though.

Post by Wally J
Quite different from Apple's monolithic update mechanism, Android has
Project Treble with Qualcomm where the drivers are asynchronously
updated irrespective of the carrier and the Android release process.
<https://www.qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and>
Likewise, are you aware how major applications on Windows and Android
update? Again, nothing like that of the primitive monolithic method Apple
uses.
You can't be oblivious that with Apple - it's everything - or nothing.
With every other operating system - the updates are in many layers.
With iOS, you instantly lose full support the moment a next release ships!
*Distinguishing software updates from upgrades*
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>
It's fine that Apple uses a stone-age primitive update mechanism - which is
Apple's prerogative - but it's the main reason iOS has the most zero day
holes and even more importantly the most exploited zero-day holes.
By far.

"Courage" (sarcastic)

Post by Dorper
And the iOS security sandbox model makes it so a compromised app will not be
able to screw up the entire rest of your system, like it is so in Android.

That is *way* worse than I expected, geezus.

--
user <candycane> is generated from /dev/urandom

Wally J

2023-09-29 05:58:23 UTC

Post by candycanearter07

Post by Wally J
*About Rapid Security Responses - only available in iOS 16 and up*
<https://support.apple.com/en-us/HT201224>

Wait, they're *that* recent?

The main reason iOS is exploited many times more than is Android is that
until iOS 16, Apple had no concept of just patching a single bug.

Only in iOS 16 did Apple get with the program of using what every other
common consumer operating system does - which is patch the bugs.

Post by candycanearter07

Post by Dorper
Windows employs the same update strategy.
https://www.catalog.update.microsoft.com/Search.aspx?q=windows+10

Plus they have a better security update policy.

Windows support is far longer than anything Apple has ever delivered,
but my point was that with iOS, it's all or nothing. Usually nothing.

With Windows, the drivers, for example, are independently updated.
Just like they are with Qualcomm Android drivers (under Project Treble).

The mistake the Apple owners are making is they are unaware that an
operating system consists of layers, not all of which are updated by the
manufacturer of the device (e.g., Nvidia updates Windows drivers
independently of Microsoft updates of the Windows operating system).

With iOS it's different. Especially since Apple fully supports only one
release (unlike Windows/Android which fully support multiple releases).

With iOS it's all or nothing (usually nothing if you're on iOS 16).

Dorper

2023-09-29 06:25:03 UTC

Post by Wally J
According to the gov, there is no smartphone OS more exploited than is iOS.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

CISA NVD is a mirror of The MITRE Corporation's CVE system, which is flawed.
And you don't understand how different operating systems are packaged.

It's good that you're thinking - which means there's a possibility of
learning but first we have to equilibrate our knowledge to a common ground.
You can't seriously claim, sans a single slice of evidence, that I don't
understand that iOS is packaged as a monolith (yes, a delta is applied to
each & every user but the release is built and tested as a monolith).
To be clear, you may not even be aware that only in iOS 16 did iOS _begin_
to break down that primitive monolith - which I'm not sure you're aware of.
*About Rapid Security Responses - only available in iOS 16 and up*
<https://support.apple.com/en-us/HT201224>

They changed the update system. What is your problem then?

Post by Wally J
The RSR aside, the primitive release process only Apple employs is very
likely the fundamental reason why iOS has not only the most zero-day holes
(by far!) but also the most _exploited_ vulnerabilities (ten times more!).

Dude, look at the NVD you keep bringing up. I don't know where you are
getting this 10x number. Just look at the numbers in NVD, AOSP has around 300
more vulns from the last 10 years than iOS.

Post by Wally J
*You do know they don't generally come from Microsoft, right?*

They do. Windows drivers are distributed by Microsoft through Windows Update.
In fact, Microsoft compiles all 3rd party drivers themselves as part ofWHQL.
They may be written by the vendor but Microsoft takes care of compilation,
signing, and distribution.

I am looking at the Mac App Store right now and seeing how updates are
delivered. It's not monolithic. Safari, iTunes, SDC, Digital Camera RAW,
Device Support, iTunes Device Support, Security Update are all separate
updates. Of course there isn't a large variation of software for the macOS so
Apple doesn't have to distribute drivers and those are typically installed
and updated how you THINK drivers are installed in Windows, through random
3rd party tools. Suboptimal but whatever, only had to do it for a Wacom
tablet.

Post by Wally J
WTF? You've never heard of the many zero-click zero-day exploits of iOS?> Are you serious?

Enlighten me.

Post by Wally J
Again, we have to get to common ground which is you can't discount that>on average, iOS has had one a month (sometimes two or three!) for years!

Scare mongering from the "security" industry as usual. No this isn't a cope,
I just think that those people are very dishonest. If I have to hear one more
of them say that "Management Engine is malware" despite OOBM being a feature
of many enterprise designs for years and nobody batted an eye...

Thomas E.

2023-10-26 12:46:03 UTC

Not entirely true. Apple just released iOS 15 and 16 security updates for iPhone 6s and later. The 6s was introduced in 2015. Prior to this update a September update was issued.

https://arstechnica.com/gadgets/2023/10/apple-releases-ios-16-7-2-and-ios-15-8-security-updates-to-patch-old-hardware/

Alan

2023-10-26 15:54:47 UTC

Post by Thomas E.

Not entirely true. Apple just released iOS 15 and 16 security updates for iPhone 6s and later. The 6s was introduced in 2015. Prior to this update a September update was issued.
https://arstechnica.com/gadgets/2023/10/apple-releases-ios-16-7-2-and-ios-15-8-security-updates-to-patch-old-hardware/

Congratulations.

You're now replying to someone who is as little interested in truth as
you are.

Thomas E.

2023-10-28 12:29:34 UTC