Apple update for older phones could signal serious security alert

Update now, especially if you have an older Apple device.
The iPhone 5s, released in 2013
Even phones as far back as the iPhone 5s, released in 2013, have received update notifications
Alvaro Reyes / Unsplash
Alan Martin24 January 2023

Yesterday was a big update day for Apple, with the company listing no fewer than eight security updates to iOS, MacOS, and Safari on its security page.  As is normal with these things, the problems fixed are only described in the vaguest terms so as to avoid guiding hackers towards easy targets.

But the potential risk is clearly significant, as Apple has seen fit to issue updates to iOS 12 and macOS Big Sur. Released in 2018 and 2020 respectively, these operating systems aren’t exactly ancient, but crucially only older phones that can’t update to later versions should still be using them.

In practical terms, that means that even those running the iPhone 5s and iPhone 6 (released in 2013 and 2014 respectively) are being encouraged to update their handsets, and the same is true for those with Macs bought a decade ago, too.

As Jake Moore, global cybersecurity advisor at ESET, explains, that’s typically a sign of a very risky security threat.

“There are a lot of security patches that have passed older devices by and, due to the amount of work required, Apple will only send out updates to older phones when something rather sinister may be lurking in the background and a risk to users,” Moore tells the Standard. “This can therefore suggest that these updates are clearly urgent, without directly saying what the problems are or what they could lead to.”

What is the evidence of a security leak?

The patch notes for both iOS 12.5.7 and macOS 11.7.3 both include an update to WebKit, the browser engine underpinning Safari, so it seems the likely target.

While the accompanying text is subtly different on each listing, they both contain the following description: “Processing maliciously crafted web content may lead to arbitrary code execution”. In other words, if you open a malicious website via a phishing link or similar, nasty things can happen to your Mac or iPhone.

In the case of the latter, Apple adds that it is “aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1”, which explains why older phones are being patched.

“Criminal hackers favour targeting older devices or those which have not enabled security patches but, when this leads to bigger threats, an update will be essential to protect those devices and their data,” Moore explains.

“Those with auto updates enabled always remain the least at risk as the patches will happen automatically. So, even if your device is said to be not supported any more, it is still safer to keep auto-update turned on,” he adds.

Patches have also been issued for iOS 15, iOS 16, and macOS Monteray (iOS 13 and 14 are presumably excluded because all compatible devices can also run iOS 15 or later).

What can I do to protect my Apple devices?

If you’re on Apple hardware, it’s recommended that you update as a matter of urgency.

• On iOS, open the Settings app and then tap “General”, followed by “Software Update.”

• On Mac, click the Apple menu, then select “System Settings”, where you’ll find “Software Update” under the “General” tab in the sidebar.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in