Apple is releasing a slew of updates for its latest operating systems today, including iOS and iPadOS 17.1, macOS Sonoma 14.1, watchOS 10.1, and others. The company is also releasing security updates for a few previous-generation operating systems, so that people who aren't ready to upgrade (and older devices that can't upgrade) will still be protected from new exploits.
Those updates include iOS and iPadOS 16.7.2 and 15.8, macOS Ventura 13.6.1, macOS Monterey 12.7.1, and the Safari 17.1 update for both of those macOS versions. At least for now, the iOS and iPadOS 16 updates cover older iPhones and iPads that can't run iOS 17 and newer devices whose owners simply don't want to install iOS 17 yet. Apple will eventually stop supporting newer hardware with iOS 16 security updates, but for now, the grace period is still in effect.
This is the first security update that Apple has delivered for iOS 15 since mid-September, suggesting that the company plans to keep supporting 2021's iOS release with continued security updates for at least a while longer. The iOS 15.8 update will only run on phones and tablets that can't install iOS 16 or 17, including the iPhone 6S, the iPhone 7, the original iPhone SE, the iPad Air 2, and the last iPod Touch.
There's less of a track record for iOS and iPadOS. It used to be that Apple didn't update older versions at all, outside of extremely rare one-off fixes for specific problems. But Apple did provide regular security updates for iOS 12 for close to two years after it was replaced, the same timeline it uses for Mac updates. We haven't had another data point since then—everything that ran iOS 13 and 14 could also run iOS 15, so Apple didn't provide extended security updates for those two versions.
Today's release doesn't confirm that Apple plans another full year of iOS 15 updates, but it is a sign that Apple plans to treat old iOS releases the same way it treats macOS; rolling over from 15.7.x to 15.8.x also follows the numbering pattern Apple has used for the last few macOS releases.
Devices that stop getting security updates will continue to function, and app developers can choose to target older iOS versions for as long as they want. But it will gradually become less safe to use them on the Internet, and new app updates and websites will gradually leave them behind.
Regardless, Apple has said in the past that only its latest operating systems are guaranteed to be fully patched. Sometimes older versions get the same patches later, and sometimes they don't get patches at all, even if they are being actively updated.
Case in point: the iOS 15.8 release lists a single kernel-level security problem, CVE-2023-32434, while the iOS 16.7.2 update fixes 17 vulnerabilities throughout the operating system, and iOS 17.1 fixes 21. Sometimes older OSes aren't affected by all the same vulnerabilities as newer ones, but this is also information Apple doesn't usually provide.
Source: arstechnica