I'd like to give kudos to Apple for including the iPhone 5S in this security update, which was released on September 20, 2013, over 7 years ago! Supporting a product for even 3 years is rare in the smartphone world.
A tricky thing about flagging "in the wild exploited vulnerabilities" in a title like this is that it suggests that sev:crit vulnerabilities in other updates that aren't flagged like this aren't being exploited in the wild. We get confirmation of only a subset of exploited vulnerabilities.<p>We'd be better off with a more neutral title, like "fixing severe vulnerabilities" or something like that.
Note that there are similar issues in macOS, too. <a href="https://support.apple.com/en-us/HT211947" rel="nofollow">https://support.apple.com/en-us/HT211947</a> <-- Catalina 10.15.7 Supplemental Update notes
I think it's interesting how iOS exploits are cheaper[1] than Android exploits, because iOS exploits are so plentiful in comparison to Android exploits.<p>[1] <a href="https://arstechnica.com/information-technology/2019/09/for-the-first-time-ever-android-0days-cost-more-than-ios-exploits/" rel="nofollow">https://arstechnica.com/information-technology/2019/09/for-t...</a>
Linking to the 14.2 list (<a href="https://support.apple.com/en-us/HT211929" rel="nofollow">https://support.apple.com/en-us/HT211929</a>) might be better? After clicking the headline link, it took me a few seconds to understand why we were caring about updates for the iPhone 5 and 6...
The problem with these updates is that it's only for devices that can only support up to iOS 12 (in this case) - if you have another device that supports anything higher but don't want upgrade to the latest iOS, you still won't get these iOS 12 security updates - they force you to upgrade the entire OS to get them.
Anybody get a bitter sweet feeling when ever these reported and fixed security exploits announcements happen?<p>It's good that users aren't going to risk getting hacked by such vulnerabilities, but its bad that users can no longer uses these exploits to gain administrative control over their property.
Maybe I got hit with one of these, my phone stopped being able to answer phone calls and auto focus stopped working (like something re flashed the firmware on a bunch of the internal peripherals.)<p>I was going to wait until the software on my pinephone was more mature but that pushed me over the edge to get power management working on my own and make sure it could make phone calls. I think dumping iOS has done a lot for my mental health and I'm glad to have left it.