Checklist 314: Playing Catch-Up
On this week’s Checklist:
- Is it time to retire your iPhone?
- Do security keys work in every case?
- Post-holiday cybersecurity tips
What to do about an aging iPhone
Last week, we told you about the latest round of Apple updates. One of those updates was iOS 12.5.7—the OS that runs iPhone 5s, iPhone 6 and iPhone 6 Plus, and a few other Apple devices. Those older iPhones, unfortunately, can’t be upgraded to iOS 15, but there was a serious bug that needed to be patched in their operating systems.
How serious? According to ZDNet, the vulnerability, if left unpatched, “can be exploited remotely to gain arbitrary code execution on an affected iPhone…just by leading a victim’s browser to a maliciously crafted web page or web content.”
This raises an interesting question: When is an iPhone too old to be safe anymore?
Apple does its best to update software for users still on older devices, but there is a limit—and as one writer points out, when Apple drops support for an OS, app developers often follow suit. When that happens, apps on your old iPhone may indeed become a security risk.
The good news is that Apple has a pretty wide range of newer iPhones at various price points, and there’s always the option of getting a refurbished device if money is tight. If that latter option appeals, Lifewire has a helpful buyer’s guide with a focus on used devices.
Why security keys won’t always work with Apple
Security keys are great: They’re hardware-based alternatives to using a smartphone for 2FA, and they’re considered by experts to be extremely secure. And now, they can be used to safeguard your Apple ID.
But as a 9to5Mac piece points out, they don’t work in every scenario, and that’s something worth knowing. Here’s a quick list of five ways you can’t use a security key to lock down your Apple account:
- If you have just one security key, Apple won’t let you use it for 2FA. Why? The risk of losing that key—and thus losing account access forever—is just too great. You need at least one backup security key as well.
- If you use iCloud for Windows, security keys won’t work for 2FA on your Apple ID.
- Security keys won’t work if your OS is too old. They’re supported by the newer Apple operating systems only: iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 or better.
- Security keys can’t be used for Child accounts or Managed Apple IDs.
- If your Apple Watch is paired with someone else’s iPhone, you can’t use a security key for your ID and that Apple Watch. Security keys only work for Apple Watch when paired with your own iPhone.
A post-holiday checklist from The Checklist
The holidays are a time of fun and festivity…but also of cyber risk and busyness. Because of those last two factors, people are exposed to increased digital risk without having the time or attention to take the proper precautions. That’s why we recommend taking these three simple steps in the aftermath of the holiday season:
- Check for fraudulent activity, especially credit card fraud and identity fraud. Review your credit card statements and look for suspicious activity, and consider doing a full credit check to hunt for signs of identity theft.
- Do an account and app security audit if you’ve installed any new apps or opened any new accounts while shopping or traveling. Our advice is to delete anything you’re not going to use—there’s no reason to keep it around, and it’s just another possible point of attack for the bad guys (and another source of data collection for the companies!). If you are keeping an app or account, make sure it’s secured with a strong, unique password and multi-factor authentication.
- Update all of your OSes and apps. If you have a Mac, perform a full malware scan as well. This will help to ensure that you don’t have any hidden vulnerabilities (or other nastiness) lurking on your devices.