Bunch of negativity on Apple UI recently, but you gotta give Apple credit for supporting really old phones. Google Pixel, forget about it lol
Dylan16807 · 10m ago
Pixels 8 and later get 7 years. Not as good as Apple but reasonable.
Pixels 6-7 got 5 years. I'd say that's on the low end of okay.
For "lol" you have to go back to 2021 or earlier. Or look at some of Motorola's offerings.
sunrunner · 1h ago
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?
giancarlostoro · 1h ago
One key thing I noticed is this is before iPadOS was a thing, so this patch targets iPads too... Which makes me wonder... this is speculation no proof, but I wonder if someone is exploiting Point of Sale devices that are powered by old iPads somehow, which is out of the control of a lot of end-users who are at thee mercy of the POS vendors who are probably charging an insane premium on them.
I worked at a restaurant chain and I remember it being a whole thing to even consider reworking the POS tables + software due to rising costs.
batiudrami · 55m ago
By the phrasing this is almost certainly a patch for targeted vulnerabilities to install Pegasus or similar.
sfilmeyer · 1h ago
> What’s Apple’s default time frame for security support?
This isn't thaaaaat far out of support. Their last security update for iOS 15 was just earlier this year, and they only dropped iPhone 6s from new major versions with iOS 16 a few years ago. As someone who has kept my last few iPhones for 5+ years each, I definitely appreciate that they keep a much longer support window than most folks on the Android side of things.
giancarlostoro · 1h ago
Before I got my first iPhone five years ago, I always noticed that iPhone owners would drag it along for a long time, but really the phones are tanks. I remember switching Android phones every two years, because they quite literally started to decay. I think my last Android Phone I could have probably made last longer than two years, I still turn it on and play random games on it, and its still very responsive.
I assume they know just how long their customers keep their phones and maintain them accordingly.
subscribed · 32m ago
Maybe you use low end phones or crappy vendors?
I'm migrating from my 5 year old flagship (lol) only because vendor decided to stop supporting it. Battery still good for a day, great screen, good enough camera, fantastic sound, ssd card slot...
My next has at least 7 years of mainline support (with all AOSP releases) plus at least couple of years damage control updates.
It's a matter of the choose I think.
blahedo · 33m ago
This... is the opposite of my experience. Friends with iPhones seem to upgrade them unreasonably often, but my (Samsung) Android phones last a loooong time. My first Samsung I retired somewhat involuntarily after 3 years so that I could get a model that would also work overseas, but the phone itself was still fine. My second Samsung (the one I got in 2016 for the overseas trip) I just retired last fall, 2024, and even then only because a job required MS Authenticator and it wouldn't let me download it to the phone. Battery life was still fine, everything I used worked fine.
I fully expect to be using my current Android phone into the 2030s.
opan · 28m ago
A relative of mine used their Galaxy Note II until the internal flash died and it stopped booting. It was definitely over 5 years old by that point.
duxup · 1h ago
> is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability?
That is my assumption, that the result is a pretty severe impact and/or the victim has little to no way to prevent it (zero click situation).
Granted I can't speak for Apple, but I was thinking along the same lines you were.
altairprime · 1h ago
No specific timeframe is defined, but they tend to release things that matter really far back — like, the Apple CA certificate expiration update went out a few years ago to basically the entire deployed Square terminal iPad userbase, etc. I expect it’s driven by telemetry and threat model both. Presumably the cutoff is wherever the telemetry ceases!
al_borland · 45m ago
I think their minimum standard is 5 years after they stop selling a product. However, it could go longer if things still work.
The 6S was discontinued in 2018, which would give it support until at least 2023, so we aren’t too far beyond that.
zomiaen · 1h ago
Almost certainly some kind of zero click/zero user action RCE exploit.
Edit: I should've read, "Impact: Processing a malicious image file may result in memory corruption."
So simply receiving an image via SMS or loading it in some other way likely accomplishes the initial exploit, so yeah, zero click exploit. Always bad.
BobbyTables2 · 10m ago
Kudos to Apple but are they going to update iPhone 8 firmware too? Think it’s been over a year since the final release. (Surely security vulnerabilities have been discovered since then!!)
It seems to me that this exploit was used in a chain with a WhatsApp issue that would trigger the malicious DNG data to be loaded as a zero click, presumably just into WhatsApp. It’s unclear to me if there was a sandbox escape or kernel vulnerability used along with this; it might have been used to exfiltrate WhatsApp messages only.
This would explain why there’s only a single patch for a simple memory corruption issue; usually an attacker would need a lot of chained vulnerabilities to bypass mitigations on iOS, but if the vulnerability is in the exact target application to begin with, it sure does make things easier.
penguin_booze · 17m ago
I'm no Apple fanboi--quite the opposite. But I take a note of this act and tip my hat, considering how Android OEMs have been pumping out abandonwares.
scosman · 1h ago
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
jerlam · 1h ago
This specific vulnerability was already known and exploited - and patched by Apple - three weeks ago on devices that Apple deemed "current".
bigyabai · 1h ago
Well, good. The moment they stop, it's declared E-waste and Apple suggests you give it to them for free.
Fucked-up world we live in where a disposable vape can be reused for more purposes than an iPhone with expired software support.
rgovostes · 1m ago
I am out of date on the latest from the jailbreak scene, but checkra1n supports the device up to iOS 14. If you updated to iOS 15, there may not be a full jailbreak, but not all is lost.
The latest release of Xcode, Xcode 26, still allows you to build apps for iOS 15. At some point you will have the secondary problem of needing an older Xcode which only runs on an older macOS, though Apple has been doing the minimum to make it possible to acquire both of these.
With a free Apple Developer account, you can sign and side load your apps, but they expire every 7 days, and you wouldn't be able to add any restricted entitlements. But the TrollStore exploit (https://github.com/opa334/TrollStore), which I cannot vouch for, seems to work around these limits.
So: It seems like if you are the kind of person who keeps disposable vapes to reprogram the microcontrollers, the iPhone 6S should actually be an attractive device worth keeping:
- Runs an operating system released in September 2021 and received regular bug fixes and security updates through July 2024. Still receives occasional security updates as of September 2025. Not completely end-of-life.
- Supported by the latest developer tools, probably through June 2026, with older downloads available (https://xcodereleases.com/).
- Known jailbreaks and exploits to maximize utility.
It's not surprising that the trade-in value for a 10-year-old device is nil, but on the secondary market they fetch about $60 (https://swappa.com/prices/apple-iphone-6s) which is not bad if you consider the device capabilities compared to most hobbyist devkits.
duxup · 1h ago
I got plenty of old iPhones I can still use.
My pile of old android phones ... they sadly do not live long overall as far as a % of survivors goes. A few have lived long lives for sure, but overall not as many as my old iPhones.
MrTrvp · 1h ago
Unfortunately I think it'll be much worse in the coming years with Google's ban on ban sideloading apps and other companies following them.
duxup · 1h ago
For whatever reason I don't sweat that condition in Apple land, but I do find it very worrisome to see Android land forego side-loading.
galaxy_gas · 1h ago
it was upfront disclosed in Apple land in that I knowingly know this to be true and do not expect it as a feature but it is a surprise new condition with no notice in Android land that makes it such worrisome action
chasil · 1h ago
Choose phones supported by LineageOS where the bootloader can be unlocked, and you can easily outlast iOS.
Gigachad · 1h ago
I used to do this back when I was on Android and official updates only lasted 1-2 years. Now I’m on an iPhone I get official OS updates for such a long time I don’t need to worry about flashing custom roms.
chasil · 56m ago
I want root reliably.
Every version of Lineage offers rooted debugging, even without Magisk.
I know that root can be obtained in iOS, but Apple really prefers that users be restrained from this capability.
duxup · 1h ago
My experience just with the hardware doesn't match that. My android devices just tend to fail over time more often than iPhones.
Granted, there's PLENTY of other good reasons to make that choice even with that condition. So I don't disagree generally.
bigyabai · 59m ago
Can't say my experience matches yours, either. I too have a box of unsupported mobile devices; the stuff I can do on an Android device clears every iOS one. I can't install apps on iOS without a desktop and a specific unsupported iTunes client. I can only use a subset of iOS functions.
My Android phones still do everything they say on the tin. Regardless, you've worded your entire argument to be orthogonal to my original point so it's clear you're not arguing in good faith. Nothing you ever said was related to the principles I mentioned, just what you consider to be personally valuable. Which is fine, but akin to responding to a health food nut by saying how great burgers taste.
Pixels 6-7 got 5 years. I'd say that's on the low end of okay.
For "lol" you have to go back to 2021 or earlier. Or look at some of Motorola's offerings.
Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?
I worked at a restaurant chain and I remember it being a whole thing to even consider reworking the POS tables + software due to rising costs.
This isn't thaaaaat far out of support. Their last security update for iOS 15 was just earlier this year, and they only dropped iPhone 6s from new major versions with iOS 16 a few years ago. As someone who has kept my last few iPhones for 5+ years each, I definitely appreciate that they keep a much longer support window than most folks on the Android side of things.
I assume they know just how long their customers keep their phones and maintain them accordingly.
I'm migrating from my 5 year old flagship (lol) only because vendor decided to stop supporting it. Battery still good for a day, great screen, good enough camera, fantastic sound, ssd card slot...
My next has at least 7 years of mainline support (with all AOSP releases) plus at least couple of years damage control updates.
It's a matter of the choose I think.
I fully expect to be using my current Android phone into the 2030s.
That is my assumption, that the result is a pretty severe impact and/or the victim has little to no way to prevent it (zero click situation).
Granted I can't speak for Apple, but I was thinking along the same lines you were.
The 6S was discontinued in 2018, which would give it support until at least 2023, so we aren’t too far beyond that.
Edit: I should've read, "Impact: Processing a malicious image file may result in memory corruption."
So simply receiving an image via SMS or loading it in some other way likely accomplishes the initial exploit, so yeah, zero click exploit. Always bad.
It seems to me that this exploit was used in a chain with a WhatsApp issue that would trigger the malicious DNG data to be loaded as a zero click, presumably just into WhatsApp. It’s unclear to me if there was a sandbox escape or kernel vulnerability used along with this; it might have been used to exfiltrate WhatsApp messages only.
This would explain why there’s only a single patch for a simple memory corruption issue; usually an attacker would need a lot of chained vulnerabilities to bypass mitigations on iOS, but if the vulnerability is in the exact target application to begin with, it sure does make things easier.
Fucked-up world we live in where a disposable vape can be reused for more purposes than an iPhone with expired software support.
The latest release of Xcode, Xcode 26, still allows you to build apps for iOS 15. At some point you will have the secondary problem of needing an older Xcode which only runs on an older macOS, though Apple has been doing the minimum to make it possible to acquire both of these.
With a free Apple Developer account, you can sign and side load your apps, but they expire every 7 days, and you wouldn't be able to add any restricted entitlements. But the TrollStore exploit (https://github.com/opa334/TrollStore), which I cannot vouch for, seems to work around these limits.
So: It seems like if you are the kind of person who keeps disposable vapes to reprogram the microcontrollers, the iPhone 6S should actually be an attractive device worth keeping:
- Runs an operating system released in September 2021 and received regular bug fixes and security updates through July 2024. Still receives occasional security updates as of September 2025. Not completely end-of-life.
- Supported by the latest developer tools, probably through June 2026, with older downloads available (https://xcodereleases.com/).
- Known jailbreaks and exploits to maximize utility.
It's not surprising that the trade-in value for a 10-year-old device is nil, but on the secondary market they fetch about $60 (https://swappa.com/prices/apple-iphone-6s) which is not bad if you consider the device capabilities compared to most hobbyist devkits.
My pile of old android phones ... they sadly do not live long overall as far as a % of survivors goes. A few have lived long lives for sure, but overall not as many as my old iPhones.
Every version of Lineage offers rooted debugging, even without Magisk.
I know that root can be obtained in iOS, but Apple really prefers that users be restrained from this capability.
Granted, there's PLENTY of other good reasons to make that choice even with that condition. So I don't disagree generally.
My Android phones still do everything they say on the tin. Regardless, you've worded your entire argument to be orthogonal to my original point so it's clear you're not arguing in good faith. Nothing you ever said was related to the principles I mentioned, just what you consider to be personally valuable. Which is fine, but akin to responding to a health food nut by saying how great burgers taste.