About the security content of iOS 15.8.5 and iPadOS 15.8.5

Original Article ↗ Hacker News Discussion ↗

Longevity and Support of iOS vs Android

  • Many see this iOS 15.8.5 patch as evidence that Apple supports devices far longer than most Android OEMs, especially pre‑2020 Pixels and Samsungs that often got ~3 years.
  • Others note Android has improved: recent Pixels and Samsungs now promise 5–7 years of updates, sometimes matching or surpassing Apple’s formal commitments (at least on paper).
  • Experiences with hardware durability diverge: some report Android phones failing faster than iPhones; others report decade‑scale use of Samsung/Pixel devices while iPhones around them get replaced frequently.

Severity and Nature of the Vulnerability

  • Commenters infer a serious zero‑click remote code execution in image parsing, likely exploited via messaging apps.
  • It was already patched on “current” devices weeks earlier; this backport to iOS 15 is taken as a strong signal it was used in real‑world spyware campaigns.
  • Several speculate it’s part of a chain with a WhatsApp bug to deploy targeted surveillance tools, potentially similar to commercial spyware.

Threat Models and Old Devices

  • Some argue this mostly matters to journalists, activists, opposition figures, and others targeted by states; everyday users face much lower risk.
  • Others counter that once such exploits are reverse‑engineered, they can spread to less sophisticated actors, so patching old devices limits broader abuse.
  • Debate over whether high‑risk people can “just buy” a newer phone; several point out many such targets are not wealthy.

Repurposing and Openness

  • Discussion on whether old iPhones are less reusable than old Androids:
    • iOS: jailbreaks, TrollStore, and Xcode sideloading exist but are constrained and fragile over time.
    • Android: LineageOS and postmarketOS can turn devices into routers, servers, etc., but support varies by model and vendor unlock policies.
  • Some argue that if iPhones were as hackable as cheap microcontrollers, they’d be better long‑term dev platforms.

Vendors, SoC Constraints, and Policy Shifts

  • A recurring criticism of Android: baseband/SoC vendors (notably Qualcomm) stop maintaining kernel/driver trees after a few years, capping secure support even for custom ROMs.
  • Others respond this is ultimately a contractual and business‑model problem Google and OEMs could solve if they chose.
  • Apple’s tighter vertical integration is seen as enabling longer practical support.

App Ecosystem and Practical Lifespan

  • Even with security patches, some note that once iOS is two major versions behind, many apps drop support, making devices “functionally obsolete.”
  • Counterexamples: users on very old iPhones report core tasks (browser, navigation, banking, Apple Pay) still working, though some sites and apps have already moved on.

Overall Reaction to Apple’s Patch

  • Broad approval for patching 9–10‑year‑old devices; several self‑described non‑fans praise it compared to Android “abandonware.”
  • Some worry that patching only this one bug on an old branch may give users a false impression that they’re fully secure when many other unfixed issues likely remain.