https://www.cvedetails.com/version/2021355/Apple-Iphone-Os-1...
seems to be the same as 18.7.2
https://www.cvedetails.com/version/2037518/Apple-Iphone-Os-1...
My iPads on 18.7.3 just yesterday started pushing notifications to upgrade to 26.2 again.
Guess Apple wants to pump up those numbers. If they really cared, if they had an ethical bone in their body, they would release 18.7.3 to the public WHICH THEY ALREADY HAVE STAGED.
This is more like blackmail where they are dangling these security issues over everyone's head as some scare tactic to upgrade, instead of giving everyone access to the iOS 18 security patch which already exists.
>This is more like blackmail where they are dangling these security issues over everyone's head as some scare tactic to upgrade, instead of giving everyone access to the iOS 18 security patch which already exists.
18.7.3 was released a month ago. Anyone who cared about security updates would have already gotten it using the beta workaround. Anyone who's apathetic about updates isn't going to be swayed by 18.7.3 vs 26.2.
A few weeks ago it was offering me iOS 26, but not anymore.
More iPhone sales! Some VP up there is popping champagne after getting the genius idea to disguise it as a security feature and force it down people's throats.
Good news for people wanting to run the code they want on their own devices?
Most users lack the domain experience needed to protect and maintain hygiene against threat actors.
this assumes your friends are actually a North Korean APT
On macOS they still seem to be stopped by firm enough non-consent, but they really try to force you first, and I get the impression they may do worse any year now.
It's hard to take this seriously.
I’m currently finalizing a detailed forensic report on a real-world incident where I was the target of this exact attack chain. It began with a casual social encounter—a classic shoulder-surfing of my 6-digit passcode—but escalated through the unpatched vulnerabilities I’m now documenting.
As an IT architect, I’ve spent the last few weeks performing a deep-dive into the device logs to understand the "Authorization Gap" that allowed this to happen. What I found is terrifying: a single unpatched CVE combined with a stolen passcode effectively turns an iPhone into an identity-theft kit. Leaving these updates unpatched isn't just a security risk; it’s providing the final components for your own identity’s subversion. I’m sharing this because this isn't theoretical—it’s a systemic failure that is already being exploited.
OkGoDoIt•3w ago
alephnerd•3w ago
Unless you are someone with significant security experience (which most HNers don't have), do not roll the dice with out-in-the-wild exploits, especially given how most people rely on their smartphones to a significant degree.