Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

bogdanw

macrumors 603
Original poster
Mar 10, 2009
6,256
3,126
Once again, we have to wonder if the iOS version we use is still supported or not.
As iOS 17.1.2 has been released today and I got a persistent notification for it on my iPhone SE 2 with iOS 16.7.2, one might guess that iOS 16 will no longer be updated for the devices that support iOS 17.
 
Yea this maybe be the end of security updates for iOS 16 I’m afraid. I have downloaded the tvOS 16 beta profile to get rid of the red bubble above my settings app on my 14 pro. I have no interest in iOS 17 for now.
 
I made a comment on the 16.7.2 pinned thread mentioning that the only update option that appears in settings is for iOS 17. 16 does not show up anymore, so I guess this is the end of iOS 16 updates
 
I’m not interested in any new iOS 17 features. I’m only interested in security updates. But Apple is once again vague:
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.”https://support.apple.com/HT214031
So, one would understand that iOS 16.7.1 is not vulnerable.

But Intego claims “iOS 16 and iPadOS 16 — no updates today; confirmed vulnerable”
https://www.intego.com/mac-security...es-2-zero-day-vulns-other-vulns-unpatched/#16

Based on last years’ experience, iOS 16.7.2 is most likely vulnerable and Apple will release iOS 16.7.3 only for the devices that don’t support iOS 17.
https://forums.macrumors.com/threads/is-ios-15-no-longer-supported-on-iphone-se-2.2370718/

I’ll wait until an update for those devices is released, before moving to iOS 17.
 
  • Like
Reactions: Reverend Benny
I’m not interested in any new iOS 17 features. I’m only interested in security updates. But Apple is once again vague:
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.”https://support.apple.com/HT214031
So, one would understand that iOS 16.7.1 is not vulnerable.

But Intego claims “iOS 16 and iPadOS 16 — no updates today; confirmed vulnerable”
https://www.intego.com/mac-security...es-2-zero-day-vulns-other-vulns-unpatched/#16

Based on last years’ experience, iOS 16.7.2 is most likely vulnerable and Apple will release iOS 16.7.3 only for the devices that don’t support iOS 17.
https://forums.macrumors.com/threads/is-ios-15-no-longer-supported-on-iphone-se-2.2370718/

I’ll wait until an update for those devices is released, before moving to iOS 17.
For few, these vulnerabilities are critical (esp. if you’re VVIP or activist etc). But it’s not for most users.
 
I made a comment on the 16.7.2 pinned thread mentioning that the only update option that appears in settings is for iOS 17. 16 does not show up anymore, so I guess this is the end of iOS 16 updates
So what version of iOS are you running today?
 
For few, these vulnerabilities are critical (esp. if you’re VVIP or activist etc). But it’s not for most users.
Once a vulnerability like this is made public, everyone from the top ransomware groups to the lowest script kiddie will try to exploit it.
While the risk could be considered low, regular users can still end up being collateral victims.
 
Yes, they are nudging the iOS 17 update at the moment.

I am again pretty pissed amgered by Apples actions. I had iOS updates and download settings disabled on all my family devices - I just enabled security related updates.

They reset this setting to factory with iOS 17.1.1 and pushed it with hourly popups for installation with a nudigng second screen to do it later on.

My daughter got caugjt and updated because of this. Battery live and performance tanked on her iPad.
 
I've been running 16.7.2 on my iPhone 13 since it came out. Prior to my comment in that thread, there were two iOS update options for either iOS 16 or 17
16.7.2 is the last iOS 16 update, that's why you don't see an option for a iOS 16 update. Whenever 16.7.3 is released you will if you stay on iOS 16.
 
Yes, they are nudging the iOS 17 update at the moment.

I am again pretty pissed amgered by Apples actions. I had iOS updates and download settings disabled on all my family devices - I just enabled security related updates.

They reset this setting to factory with iOS 17.1.1 and pushed it with hourly popups for installation with a nudigng second screen to do it later on.

My daughter got caugjt and updated because of this. Battery live and performance tanked on her iPad.
So what OS were your daughter running prior to getting iOS 17?
 
Once a vulnerability like this is made public, everyone from the top ransomware groups to the lowest script kiddie will try to exploit it.
While the risk could be considered low, regular users can still end up being collateral victims.
Yes they can and will try. Everything can happen obviously. But statistically, it’s very rare those happened massively.
 
16.7.2 is current on my iPhone X. I hope Apple is planning 16.7.3, and 17.whatever, to patch the giant Bluetooth vulnerability. CVE-2023-24023. The bulletin is almost a week old, now. I'm sure you've all read it already, and are taking steps to compensate.:cool:👍
 
  • Like
Reactions: Reverend Benny
16.7.2 is current on my iPhone X. I hope Apple is planning 16.7.3, and 17.whatever, to patch the giant Bluetooth vulnerability. CVE-2023-24023. The bulletin is almost a week old, now. I'm sure you've all read it already, and are taking steps to compensate.:cool:👍
If Apple hasn't silently patched it in 17.1.2 I'm guessing we will see a 17.1.3 and 16.7.3 fairly soon, or maybe an RSR again.
 
  • Like
Reactions: ipaqrat
Considering we saw iOS 15.8 for the 6s and 7 recently, I expect at least 16.7.3 for the 8 and X soon. Most likely not the case for iOS 17 compatible devices though, based on previous iOS release cycles
 
I actually had my friend updating her iPhone 11 Pro to 16.7.2 this evening so that's not true.
I’m not up to date with OTA knowledge :) but if it was still signed, shouldn’t it appear as a reinstall option in Apple Configurator? I only get iOS 17.1.2.
maybe an RSR again.
I think Rapid Security Responses are dead. After the summer blunder https://support.apple.com/kb/HT213823 Apple hasn’t released another one, even for small fixes that were actively exploited, like the one in 17.1.2.
 
  • Like
Reactions: Reverend Benny
Confirmed that the vulnerabilities affect iOS 16.7.2

December 04, 2023
U.S. Department of Homeland Security - Cybersecurity and Infrastructure Security Agency:
“CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability
CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability”
https://www.cisa.gov/news-events/al...s-two-known-exploited-vulnerabilities-catalog

December 05, 2023
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011
“CVE-2023-42916
Versions affected: WebKitGTK and WPE WebKit before 2.42.3.
CVE-2023-42917
Versions affected: WebKitGTK and WPE WebKit before 2.42.3.”
https://webkitgtk.org/security/WSA-2023-0011.html

WPE WebKit 2.42.3 was released yesterday
https://github.com/WebKit/WebKit/releases/tag/wpewebkit-2.42.3

WebKitGTK 2.42.3 was released today
https://github.com/WebKit/WebKit/releases/tag/webkitgtk-2.42.3
 
There is a 16.7.3 release candidate, build 20H232 which was just released. I'm not sure if this would be available for devices which support iOS/iPadOS 17, though.
 
There is a 16.7.3 release candidate, build 20H232 which was just released. I'm not sure if this would be available for devices which support iOS/iPadOS 17, though.
Only for iPhone X, iPhone 8 and iPhone 8 Plus

20H232.jpg
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.