Apple releases iOS 15.8.5 security update for 10-year old iPhone 6s
29 comments
·September 17, 2025transpute
"iOS 18.6.1 0-click RCE POC", 50 comments, https://news.ycombinator.com/item?id=45019671
sunrunner
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Even if there was no mention of this or the implication that it’s linked to the notifications Apple sends for targeted attacks, is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability? What’s Apple’s default time frame for security support?
giancarlostoro
One key thing I noticed is this is before iPadOS was a thing, so this patch targets iPads too... Which makes me wonder... this is speculation no proof, but I wonder if someone is exploiting Point of Sale devices that are powered by old iPads somehow, which is out of the control of a lot of end-users who are at thee mercy of the POS vendors who are probably charging an insane premium on them.
I worked at a restaurant chain and I remember it being a whole thing to even consider reworking the POS tables + software due to rising costs.
batiudrami
By the phrasing this is almost certainly a patch for targeted vulnerabilities to install Pegasus or similar.
sfilmeyer
> What’s Apple’s default time frame for security support?
This isn't thaaaaat far out of support. Their last security update for iOS 15 was just earlier this year, and they only dropped iPhone 6s from new major versions with iOS 16 a few years ago. As someone who has kept my last few iPhones for 5+ years each, I definitely appreciate that they keep a much longer support window than most folks on the Android side of things.
giancarlostoro
Before I got my first iPhone five years ago, I always noticed that iPhone owners would drag it along for a long time, but really the phones are tanks. I remember switching Android phones every two years, because they quite literally started to decay. I think my last Android Phone I could have probably made last longer than two years, I still turn it on and play random games on it, and its still very responsive.
I assume they know just how long their customers keep their phones and maintain them accordingly.
subscribed
Maybe you use low end phones or crappy vendors?
I'm migrating from my 5 year old flagship (lol) only because vendor decided to stop supporting it. Battery still good for a day, great screen, good enough camera, fantastic sound, ssd card slot...
My next has at least 7 years of mainline support (with all AOSP releases) plus at least couple of years damage control updates.
It's a matter of the choose I think.
blahedo
This... is the opposite of my experience. Friends with iPhones seem to upgrade them unreasonably often, but my (Samsung) Android phones last a loooong time. My first Samsung I retired somewhat involuntarily after 3 years so that I could get a model that would also work overseas, but the phone itself was still fine. My second Samsung (the one I got in 2016 for the overseas trip) I just retired last fall, 2024, and even then only because a job required MS Authenticator and it wouldn't let me download it to the phone. Battery life was still fine, everything I used worked fine.
I fully expect to be using my current Android phone into the 2030s.
al_borland
I think their minimum standard is 5 years after they stop selling a product. However, it could go longer if things still work.
The 6S was discontinued in 2018, which would give it support until at least 2023, so we aren’t too far beyond that.
duxup
> is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability?
That is my assumption, that the result is a pretty severe impact and/or the victim has little to no way to prevent it (zero click situation).
Granted I can't speak for Apple, but I was thinking along the same lines you were.
altairprime
No specific timeframe is defined, but they tend to release things that matter really far back — like, the Apple CA certificate expiration update went out a few years ago to basically the entire deployed Square terminal iPad userbase, etc. I expect it’s driven by telemetry and threat model both. Presumably the cutoff is wherever the telemetry ceases!
zomiaen
Almost certainly some kind of zero click/zero user action RCE exploit.
Edit: I should've read, "Impact: Processing a malicious image file may result in memory corruption."
So simply receiving an image via SMS or loading it in some other way likely accomplishes the initial exploit, so yeah, zero click exploit. Always bad.
bombcar
This reeks in all possible ways of nation state activity.
scosman
> Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
jerlam
This specific vulnerability was already known and exploited - and patched by Apple - three weeks ago on devices that Apple deemed "current".
bigyabai
Well, good. The moment they stop, it's declared E-waste and Apple suggests you give it to them for free.
Fucked-up world we live in where a disposable vape can be reused for more purposes than an iPhone with expired software support.
duxup
I got plenty of old iPhones I can still use.
My pile of old android phones ... they sadly do not live long overall as far as a % of survivors goes. A few have lived long lives for sure, but overall not as many as my old iPhones.
MrTrvp
Unfortunately I think it'll be much worse in the coming years with Google's ban on ban sideloading apps and other companies following them.
duxup
For whatever reason I don't sweat that condition in Apple land, but I do find it very worrisome to see Android land forego side-loading.
chasil
Choose phones supported by LineageOS where the bootloader can be unlocked, and you can easily outlast iOS.
Gigachad
I used to do this back when I was on Android and official updates only lasted 1-2 years. Now I’m on an iPhone I get official OS updates for such a long time I don’t need to worry about flashing custom roms.
duxup
My experience just with the hardware doesn't match that. My android devices just tend to fail over time more often than iPhones.
Granted, there's PLENTY of other good reasons to make that choice even with that condition. So I don't disagree generally.
null
Bunch of negativity on Apple UI recently, but you gotta give Apple credit for supporting really old phones. Google Pixel, forget about it lol