50+ unpatched security vulnera­bilities in A5-generation iOS devices

Devices running the Apple A5 chipset were all abandoned when Apple released iOS 10. Since then, there are 51 disclosed security vulnerabilities in iOS 9.3.5 — the last version available to devices with A5 chipset. Including a lock screen bypass vulnerability and 20 issues that are remotely exploitable through Safari (and any other web browser allowed on the device.)

But have Apple done a good enough job informing their customers that their devices are no longer secure?

Apple haven’t publicly said a word about support or availability of updates for A5 chipset devices. However, it has been iOS 9.3.5 — the last update for these devices — was released. Since then Apple have released iOS version 10.0.2 through 10.3.2 already and will soon catch up to iOS 9 in point releases.

If you still use an iPad 3, iPad 2, 5th generation iPod Touch, or an iPhone 4S then it may be time to wipe off all your data and turn it in for recycling.

Software Update: iOS 9.3.5 is up to date

Apple claiming outdated software is up-to-date.

I was quite annoyed when Apple abandoned my 3-year old iPod Touch as they released iOS 10. However, I’m even more annoyed by Apple’s treatment of their customers in the months since they made that decision.

When I manually go to check for software updates for my iPad 3 or 5th generation iPod Touch, I’m assured by Apple that “Your software is up to date.” There’s no mentions of iOS 10, nor that iOS 9.3.5 is indeed not the latest version of the operation system.

There’s no public mention of product deprecation on Apple’s support website. A5 chipset devices aren’t listed on Apple’s list of vintage or obsolete products. Yet, the company have stopped delivering software updates for these older devices.

The devices themselves haven’t informed me in any way that they’re now obsolete and are no longer receiving critical security updates. The only hint I could find is a mention of how to manually update to iOS 10 in the Tips app. However, this doesn’t even apply to my devices as they’re unsupported and can’t be upgraded.

I believe it’s irresponsible of Apple not to update these devices any longer, and also not to inform their users that the devices are no longer supported. Apple should have pushed notifications to unsupported products to inform their users that they need to upgrade.

This would probably boost Apple’s sales figure for their current iPad models, so I’m not sure why they haven’t done it already. In January this year, I recycled my original first generation iPad. It hadn’t been updated in years, and it also hadn’t received any kind of on-device notification about it being unsupported.

Such product deprecation notifications — and especially one asking customers to purchase a newer models of the product — may generate some negative press.

However, informing users would be much better practice from a security stand point. It seems to me that Apple’s fear of bad publicity is leaving some of their users unaware of their security situation.

No one using Windows XP on a desktop computer today doesn’t know that their operating system is unsupported and no longer receives updates from Microsoft.

Microsoft made that quite clear with increasingly aggressive notifications before they discontinued their old operating system. It’s not at all too much to ask from Apple to show the same level of consideration.

iOS isn’t magic, it’s software. Internet connected devices don’t remain secure forever, and especially not after their manufacturer stops delivering security updates for them. These types of devices should be sold with best-before-dates, but that’s another discussion.

I do not feel safe using a web browser with several known security vulnerabilities that have remained unpatched for ¾ of a year. Considering the sensitive nature of information we all access using web browsers, including financial and other important online accounts, it would be completely irresponsible to keep using the device for web browsing.

I’ve stopped using my own iPad as a couch-device and have removed all my data from both my iPod Touch and iPad. I don’t intend to replace them with newer models, as I feel their product lifetime should have been much longer.

Apple have had a reputation of keeping their devices up-to-date, but I strongly feel like they haven’t done enough to maintain this reputation in the last couple of years.

I’ve ordered parts and components and will try to re-purpose the high-resolution display in the iPad 3 into an extra monitor for my PC. (Details in a later update.) It’s a good display panel, and it’s not seen all that much use, to be honest. I’m afraid my iPad will see more hours use as a secondary PC monitor than it ever did as a tablet computer.