Rendered at 13:34:30 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
tech234a 3 days ago [-]
Notably these exploits were originally patched for newer devices in 2023 and 2024. However, the Coruna exploits are now publicly available because some of the IOC URLs mentioned in Google's recent blog post [1] were found to still be live. Jailbreakers are already repurposing the code to make web-based tools [2].
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS 16.7.15 and iPadOS 16.7.15:
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
ryandrake 3 days ago [-]
This is nice in that Apple acknowledges that iPhone 6s and iPhone 7 devices still exist and are used. I wish third party developers would read that memo and get with the program. The App Store is becoming a ghost town of "This app stopped supporting your icky old device" warning messages due to app developers abandoning these phones.
kstrauser 3 days ago [-]
Apps don’t support devices, by and large. They support SDK versions. Targeting a 4 year old SDK means not using a fair chunk of new OS features, which translates to at least some lost sales and developer happiness.
I’m sympathetic with your point, truly, but I also get why devs would aim at newer OSes.
ryandrake 3 days ago [-]
I think you might be confusing two things. iOS developers build against a particular SDK, but they specify a deployment target which is an OS version. You can build against the latest or near-latest SDK (in fact Apple requires you to), while still targeting arbitrarily old OS versions. The developer changes these independently.
Developers can easily use APIs introduced after their deployment target OS. So if you want to target iOS 15, but use APIs introduced in iOS 17, you can easily do this with a runtime check.
Many iOS developers choose to increase their deployment target, which accomplishes nothing for the user besides locking out older devices, while making the developer's life more comfortable (he can abandon those runtime checks and code paths that only run on older devices).
But if you are disciplined and care about your users on old devices, you can very easily target those old devices while still using the latest and greatest OS features on devices that have them.
seam_carver 3 days ago [-]
I think I saw a YouTube video where some developer said that Apple requires you to use latest version of Xcode, that version has a minimum SDK (I think iOS 15) and he was complaining he couldn't update his iOS 12 targetting app anymore.
He finds a solution involving copying files across from an older version of xcode
ryandrake 3 days ago [-]
I believe Apple makes it difficult, but not impossible. At the end of the day, these things are specified in text files that can be edited, regardless of what options the GUI gives you. Definitely shame on Apple for trying to nudge developers to give up on older phones, but it aligns with their desire to keep their customers buying new phones.
compounding_it 3 days ago [-]
And the ‘features’ also involve lot of performance updates that can leverage something like newer metal. Given that a large chunk of the user base uses an iPhone from 1-2 years ago it simply makes sense to use this and abandon old SDK.
This makes me wonder though how Apple seems to deal with this for their core apps.
kilpikaarna 3 days ago [-]
I'd love to know what exciting new features the developers of my bank auth app (also used as semi-mandatory ID in various services) have available to them now that they've let it break on my otherwise adequate phone.
philjw 3 days ago [-]
Apple technically supports downloading legacy app versions, but the system is broken: it usually requires the app to be in your purchase history, and developers can opt to delete their old binaries entirely.
Maybe something the EU could enforce is requiring Apple to offer the 'last compatible version' prompt for all users, not just previous downloaders, ensuring older hardware isn't artificially artificially rendered useless for basic tasks.
eviks 3 days ago [-]
They got the memo... directly from Apple that drops fully functional phones with their SDK updates, only giving you tiny crumbs of security update once in a while
GeekyBear 3 days ago [-]
A security update for an eleven year old phone is pretty wild.
For comparison, the Nexus 6P was released in the same year as the iPhone 6S. It last received a security update in 2018.
VladVladikoff 3 days ago [-]
Only 3 years of security updates for a computer we use every day is criminal. It shouldn’t be shocking that Apple kept patching but rather that Google hasn’t.
burnt-resistor 3 days ago [-]
7 years for hardware and 2 latest OS versions was the standard Apple support timeline, except for many iOS and iPadOS 18 devices to force use of Liquid Glass in 26.
throwa356262 3 days ago [-]
This is a very odd take.
Apple decided to not patch a couple of iphones and ipads a few years ago. 6s was the oldest one at that time but even that was still within the update window.
The fact that they now have to patch them 3-4 year after the discovery because Google found them to be targeted in the wild should not be presented as a win for Apple.
throwaway85825 3 days ago [-]
A device can be unsupported yet millions will still use it. The obsolescence business model needs to be legislated away.
gruez 3 days ago [-]
Should DEC still be releasing patches for the PDP-11? Apple is probably the better companies out there. Some Android devices (cheap tablets on aliexpress) don't even get a year of updates.
throwaway85825 3 days ago [-]
A VM image of the build server would work.
thecybernerd 3 days ago [-]
I wonder what the active device threshold is for them to make the decision to patch an operating system from a decade ago.
ronsor 3 days ago [-]
Probably recent active exploitation
nicwolff 3 days ago [-]
And for my iPod touch! I was prepared to keep using it around the house – it's so much lighter than a phone – but I was worried about leaving it logged into iCloud Keychain if it wasn't going to get this fix.
kevincloudsec 3 days ago [-]
patching a kernel exploit on a phone from 2015 is nice until you realize the coruna IOC URLs were still live long enough for jailbreakers to weaponize the code before the patch shipped.
burnt-resistor 3 days ago [-]
Still waiting for iOS and iPadOS security updates to 18 as per the tradition of supporting the past 2 generations of OSes rather than this sneaky rug-pull of trying to foist fugly 26 on users who don't want an unusable device.
This sort of spurious patching and releasing token cheap devices is a form of gaslighting.
stock_toaster 3 days ago [-]
Indeed! I was about to post something very similar. Glad I scrolled down a bit.
nineteen999 3 days ago [-]
Now if they'd just release an update to 26.3.1 (23D8133) which PERMANENTLY broke Apple Carplay for me I'd be happy.
It's been getting steadily worse since iOS 26 was released.
Apple is rapidly becoming the new Microsoft. I mean, Microsoft has fallen so much further, so I guess that just opened up a new gap in the shitty technology spectrum for Apple to descend to.
anshumankmr 3 days ago [-]
This will really help the 10 people still using an iPhone 6S.
(Still a common W for Apple updates)
LLinguiniM 3 days ago [-]
CONSOOM!
behnamoh 3 days ago [-]
Am I supposed to be impressed by this? This is part of the Apple experience: long-term updates in exchange for absurdly high markups up-front. I'd be impressed if the markup got lowered and iDevices still got such updates, but that's not happening.
falkensmaize 3 days ago [-]
Absurdly high markups? They just released a very good laptop for $599. The Galaxy S26 Ultra is $1299. The OnePlus 15 is $999. A Dell XPS 16 with 32gb ram is over $2000.
I won’t argue that they charge a premium for memory and nvme, but I have never felt like I overpaid for my MacBooks or iPhones, in part because they last so long.
burnt-resistor 3 days ago [-]
One anecdotal example doesn't break the pattern. It's a performative ploy.
nozzlegear 3 days ago [-]
That's not anecdotal, it literally is the price of the MacBook Neo.
watermelon0 3 days ago [-]
How about iPhone 16e/17e? Base MacMini M4?
colinbartlett 3 days ago [-]
Yes because if it helps keep devices in use longer it helps reduce waste and the planetary impacts of a culture of disposable products.
paulryanrogers 3 days ago [-]
If only they had user replaceable batteries, or repairable devices
I mean self repair without renting proprietary equipment, having to soften glue with heat, etc. I used to be able to swap batteries in seconds without tools. Some laptops could do it without shutting down.
cryptoegorophy 3 days ago [-]
Well. You can buy iPhone 6S for $50. How much cheaper did you want it?
runako 3 days ago [-]
iPhone 17 Pro is $1099, Google Pixel Pro is $999, Galaxy S26 Ultra is $1,299.
Flagship phones are expensive. Apple mostly just does not make low-spec phones, and cheap phones are generally low-spec (or their makers would charge more).
cosmic_cheese 3 days ago [-]
I mean there’s loads of Android stuff in Apple-adjacent price brackets that haven’t seen the tiniest hint of an update in many years…
nativeit 3 days ago [-]
The bar has become incredibly low, it’s true. I could argue that’s all the more reason for recognizing when these monoliths do the right thing, but I would probably struggle to claim they deserve any of it at this point.
[1]: https://cloud.google.com/blog/topics/threat-intelligence/cor...
[2]: https://x.com/Little_34306/status/2031823581513204009 (Note: the link in this tweet goes to an exploit page that uses code repurposed from malware)
Thanks Google for forcing their hand.
Related: https://cloud.google.com/blog/topics/threat-intelligence/cor...
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
I’m sympathetic with your point, truly, but I also get why devs would aim at newer OSes.
Developers can easily use APIs introduced after their deployment target OS. So if you want to target iOS 15, but use APIs introduced in iOS 17, you can easily do this with a runtime check.
Many iOS developers choose to increase their deployment target, which accomplishes nothing for the user besides locking out older devices, while making the developer's life more comfortable (he can abandon those runtime checks and code paths that only run on older devices).
But if you are disciplined and care about your users on old devices, you can very easily target those old devices while still using the latest and greatest OS features on devices that have them.
He finds a solution involving copying files across from an older version of xcode
This makes me wonder though how Apple seems to deal with this for their core apps.
Maybe something the EU could enforce is requiring Apple to offer the 'last compatible version' prompt for all users, not just previous downloaders, ensuring older hardware isn't artificially artificially rendered useless for basic tasks.
For comparison, the Nexus 6P was released in the same year as the iPhone 6S. It last received a security update in 2018.
Apple decided to not patch a couple of iphones and ipads a few years ago. 6s was the oldest one at that time but even that was still within the update window.
The fact that they now have to patch them 3-4 year after the discovery because Google found them to be targeted in the wild should not be presented as a win for Apple.
This sort of spurious patching and releasing token cheap devices is a form of gaslighting.
Apple is rapidly becoming the new Microsoft. I mean, Microsoft has fallen so much further, so I guess that just opened up a new gap in the shitty technology spectrum for Apple to descend to.
(Still a common W for Apple updates)
I won’t argue that they charge a premium for memory and nvme, but I have never felt like I overpaid for my MacBooks or iPhones, in part because they last so long.
https://support.apple.com/mac-laptops/repair?services=servic...
https://getsupport.apple.com/repair-locations?locale=en_US
Flagship phones are expensive. Apple mostly just does not make low-spec phones, and cheap phones are generally low-spec (or their makers would charge more).