China's Ministry of Industry and Information Technology has issued a formal security advisory targeting iPhone and iPad users running older software. If your device is on any iOS or iPadOS version between 13.0 and 17.2.1, this warning is directed at you — and the threat being described is specific and active.
This isn't a routine reminder. The MIIT is flagging active exploitation of known vulnerabilities.
Key Points
- MIIT advisory covers all iPhones and iPads running iOS or iPadOS 13.0 through 17.2.1 — update immediately to the latest supported version
- Attackers are delivering malicious code through Safari by luring users to compromised websites via phishing SMS, email, or poisoned search results
- Successful exploitation allows attackers to implant remote control malware, steal sensitive user data, and gain full administrative access to the device
- The attack chain requires no sophisticated user action — visiting a malicious link in Safari on an unpatched device is sufficient for compromise
- Users should also enable automatic updates and avoid clicking suspicious links from unknown sources regardless of iOS version
The Attack Method Is Straightforward and Dangerous
The MIIT advisory isn't vague about how these attacks work. Victims receive a link by SMS or email, or encounter one in a poisoned search result. They click it. Safari loads the page. Malicious code exploits the unpatched vulnerability. The attacker gains remote access.
No app download required. No suspicious permission prompt. Just a link and an outdated operating system. That combination is precisely why authorities are treating this as urgent rather than routine.
Remote control malware installation means the attacker can operate the device covertly — accessing contacts, messages, photos, location data, and credentials — while the owner has no indication anything is wrong.
Who Is Actually Affected
iOS 13 through 17.2.1 covers a wide range of devices and a significant portion of users who haven't updated recently. Apple's current iOS version is iOS 26, meaning anyone more than several major versions behind is squarely in the vulnerable range.
To check your version, go to Settings > General > About > iOS Version. If it shows anything from 13.0 to 17.2.1, update immediately through Settings > General > Software Update.
Older devices that cannot support current iOS versions should be considered at elevated risk and replaced if they handle sensitive personal or financial data.
Basic Precautions Beyond Updating
Even on updated devices, the MIIT recommends staying alert to unsolicited links in messages and avoiding clicking anything from unknown senders. Enabling automatic updates prevents falling behind on future security patches. Apple's full security update history is available at support.apple.com for users who want to verify what patches their current version includes.
Update now. This one isn't worth waiting on.