Apple Withdraws iOS 18 Security Updates

https://www.forbes.com/sites/zakdoffman/2025/12/27/apples-iphone-upgrade-hundreds-of-millions-of-users-must-act-now/

27•zaltekk•4h ago

Comments

OkGoDoIt•4h ago

iOS 18 with glaring, actively-exploited security holes is still better than iOS 26.

alephnerd•3h ago

This is very bad advice given that this CVE allows DCE.

Unless you are someone with significant security experience (which most HNers don't have), do not roll the dice with out-in-the-wild exploits, especially given how most people rely on their smartphones to a significant degree.

theogravity•3h ago

If I'm on 18.7.1, do I still need to upgrade?

https://www.cvedetails.com/version/2021355/Apple-Iphone-Os-1...

seems to be the same as 18.7.2

https://www.cvedetails.com/version/2037518/Apple-Iphone-Os-1...

alephnerd•2h ago

Most likely. This is a WebKit issue whose patch is only shipped with iOS 26.2 or iOS 18.7.3 (but that's only available to a subset of iPhone and iPadOS devices).

gruez•1h ago

See: https://support.apple.com/en-us/125885

nazgu1•3h ago

Apple artificial move to encourage people to upgrade… if they could release security update for older iPhones they can release it for the rest of models…

schmuckonwheels•2h ago

Absolutely. This reeks.

My iPads on 18.7.3 just yesterday started pushing notifications to upgrade to 26.2 again.

Guess Apple wants to pump up those numbers. If they really cared, if they had an ethical bone in their body, they would release 18.7.3 to the public WHICH THEY ALREADY HAVE STAGED.

This is more like blackmail where they are dangling these security issues over everyone's head as some scare tactic to upgrade, instead of giving everyone access to the iOS 18 security patch which already exists.

gruez•1h ago

>If they really cared, if they had an ethical bone in their body, they would release 18.7.3 to the public WHICH THEY ALREADY HAVE STAGED.

>This is more like blackmail where they are dangling these security issues over everyone's head as some scare tactic to upgrade, instead of giving everyone access to the iOS 18 security patch which already exists.

18.7.3 was released a month ago. Anyone who cared about security updates would have already gotten it using the beta workaround. Anyone who's apathetic about updates isn't going to be swayed by 18.7.3 vs 26.2.

nabbed•2h ago

Odd, I have an iPhone 11 on 18.6.2 and the Software Update page offers me nothing, just says "iOS is up to date".

A few weeks ago it was offering me iOS 26, but not anymore.

nabbed•2h ago

OK, I had iOS 18 beta selected. I turned that off and IOS 26.2 magically reappeared as an offering. I guess since 18.7.3 is not going to be offered to me, I must install 26.2.

schmuckonwheels•2h ago

18.7.3 is no longer available as beta? It was as of a few weeks ago. Public or Developer beta?

1over137•2h ago

Guess some high up at Apple noticed iOS 26 adoption is low:

https://mjtsai.com/blog/2026/01/09/slow-ios-26-adoption/

neuralkoi•2h ago

Forced obsolescence due to the iOS 26 bloat triggers a forced upgrade cycle.

More iPhone sales! Some VP up there is popping champagne after getting the genius idea to disguise it as a security feature and force it down people's throats.

sillywalk•2h ago

I don't know if it still works, but there was a way to get 18.7.3, for devices pushed to "upgrade" to Tahoe by enabling ios 18 beta releases.

DustinEchoes•1h ago

They closed that loophole a couple weeks ago. 18.7.3 is no longer available for phones that can run 26.

kasabali•2h ago

> CVE-2025-43529 allows threat actors a direct code execution capability, while CVE-2025-14174 provides the much needed sandbox escape and privilege escalation capabilities which makes it devastating

Good news for people wanting to run the code they want on their own devices?

alephnerd•2h ago

Yep! It's good for jailbreaking, but it's a double edged sword because it's a similar approach that offensive actors use.

Most users lack the domain experience needed to protect and maintain hygiene against threat actors.

gruez•1h ago

Note the CVEs discussed were patches almost a month ago with iOS 18.7.3. If you used the beta workaround[1] to get that, you're safe and don't have to upgrade to iOS 26... for now.

[1] eg. https://news.ycombinator.com/item?id=46264741

handsclean•24m ago

I rejected iOS 26 for a while and boy did my opinion on whether Apple forces version changes do a 180. Everything people lambast Windows for was there. Nags with no “no” option, a red notification badge you can’t dismiss, scare dialogs, and disabling unrelated features. This latest slimy behavior is unfortunately quite consistent with how Apple treats disobedient iOS users.

On macOS they still seem to be stopped by firm enough non-consent, but they really try to force you first, and I get the impression they may do worse any year now.

Great Chinese Famine

Game is a single 13 KiB file that runs on Windows, Linux and in the Browser

The Models Resource – Archive of 3D models in video games

Show HN: Coi – A compiled-reactive language for high-performance WASM apps

Show HN: Blockframe v1.0.3 Released

The Next Two Years of Software Engineering

iMessage-kit is an iMessage SDK for macOS

How I'm Doing at the End of 2025

Show HN: Engineering Schizophrenia: Trusting Yourself Through Byzantine Faults

Show HN: Should I Buy It – Paste a link. Answer questions. Get a recommendation

The Cauldron in the Spectrogram Or: What Happens When You Think with Your Tools

Axioms of Polity

Show HN: I Built a Mobile Coding App. What I Use It for Surprised Me

Read Sundar Pichai's Remarks at the 2026 National Retail Federation

Colorado is looking for range riders to help reduce conflict with wolves

Military Grade

Influencers and OnlyFans models are dominating O-1 visa requests

Play chess via Slack DMs or SMS using an ASCII board

Show HN: Sprig-config – Spring-like config for Python, layered YAML and secrets

Embrace your lack: on Pluribus and LLMs

When msvc:musttail attribute silently fails

Stablecoin transactions rose to $33T in 2025

Doom on Oscilloscope

You should change your mobile app version format to year.week.iteration

Weird DNS Behavior on Alpine Linux – .local and mDNS

Supply Chain Games: What Have We Learned from the Semiconductor Shortage? (2021)

Ask HN: Self Hosted Intercom.io Options

How to use changesets in Go workspaces

Walmart expands drone delivery with Wing to 150 more stores

Claude Coding A Blog Pipeline

Apple Withdraws iOS 18 Security Updates

Comments

Great Chinese Famine

Game is a single 13 KiB file that runs on Windows, Linux and in the Browser

The Models Resource – Archive of 3D models in video games

Show HN: Coi – A compiled-reactive language for high-performance WASM apps

Show HN: Blockframe v1.0.3 Released

The Next Two Years of Software Engineering

iMessage-kit is an iMessage SDK for macOS

How I'm Doing at the End of 2025

Show HN: Engineering Schizophrenia: Trusting Yourself Through Byzantine Faults

Show HN: Should I Buy It – Paste a link. Answer questions. Get a recommendation

The Cauldron in the Spectrogram Or: What Happens When You Think with Your Tools

Axioms of Polity

Show HN: I Built a Mobile Coding App. What I Use It for Surprised Me

Read Sundar Pichai's Remarks at the 2026 National Retail Federation

Colorado is looking for range riders to help reduce conflict with wolves

Military Grade

Influencers and OnlyFans models are dominating O-1 visa requests

Play chess via Slack DMs or SMS using an ASCII board

Show HN: Sprig-config – Spring-like config for Python, layered YAML and secrets

Embrace your lack: on Pluribus and LLMs

When msvc:musttail attribute silently fails

Stablecoin transactions rose to $33T in 2025

Doom on Oscilloscope

You should change your mobile app version format to year.week.iteration

Weird DNS Behavior on Alpine Linux – .local and mDNS

Supply Chain Games: What Have We Learned from the Semiconductor Shortage? (2021)

Ask HN: Self Hosted Intercom.io Options

How to use changesets in Go workspaces

Walmart expands drone delivery with Wing to 150 more stores

Claude Coding A Blog Pipeline