![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/05\/when-you-should-retire-your-apple-iphone-beard-cane-glasses-600x300-1.jpg\")
<\/p>\n<\/p>\n
Some people upgrade to a new iPhone every year, to get the latest cameras or other features. But if you’re like most people, you keep your phone for several years before upgrading to a newer model. Perhaps you mainly use your iPhone for the basics, or feel that as long as it isn’t broken and the battery still holds a charge, there’s no real reason to upgrade. (In fact, Apple will even replace the battery for you at a reasonable price, if yours has lost too much of its capacity.)<\/p>\n
However, you might not be aware that there’s a real danger in using an iPhone for too long. Specifically, if an iPhone can no longer run the latest version of Apple’s iOS operating system, it will miss out on a lot of critical security updates. Vulnerabilities that remain unpatched can put you at risk.<\/p>\n
In this article, we’ll explain in greater detail why using an old iPhone can be dangerous, and which iPhone models are safe to buy in 2025. (See also our articles about when old Macs become unsafe to use<\/a> and when old iPads become unsafe to use<\/a>.)<\/p>\n Apple regularly issues security updates for all its platforms, and some of these updates patch “zero-day vulnerabilities”\u2014serious flaws that have already been actively exploited in the wild. This means that they’re not merely theoretical vulnerabilities; any device that doesn’t get updated is at risk of becoming compromised (hacked) by threat actors. Most users don’t think much about this, but there is a real danger to not getting security updates for your iPhone.<\/p>\n The most serious of these are known as “zero-click” vulnerabilities<\/strong>. This type of vulnerability exploits weaknesses in the operating system to compromise devices without the user doing anything at all.<\/em> You don’t have to get tricked into launching an app or tapping on a link to a website. Many of these exploits take advantage of vulnerabilities that occur when, for example, a preview of a webpage or document is displayed in the Messages or Mail apps. In fact, zero-click exploits can even infect your device when it’s completely locked, just sitting there on your Lock Screen.<\/span><\/p>\n It is well known that the NSO Group’s Pegasus spyware<\/a> has used zero-click exploits<\/a> in its arsenal of attacks. These has been used in targeted attacks against the iPhones of politicians, journalists, and activists. Most of these attacks attempt to compromise devices belonging to specific people in order to gain intelligence.<\/span><\/p>\n Most average users don’t necessarily have to worry about Pegasus or similar nation-state spyware. However, eventually the details about the vulnerabilities used by Pegasus and other spyware will come to light. Apple gives some minimal details about most of the vulnerabilities it patches. Moreover, savvy experts are able to reverse-engineer Apple’s patches to see exactly how a vulnerability was fixed\u2014and how to exploit it on unpatched devices.<\/p>\n In other words, today’s nation-state attacker’s vulnerability could become part of tomorrow’s everyday cybercriminal’s arsenal.<\/strong> And at that point, if your iPhone or other Apple devices are not up-to-date, then you are at risk from more widespread attacks.<\/p>\n Some vulnerabilities that Apple patches in its security updates involve WebKit, the rendering engine used by the Safari Web browser. In fact, as of early 2024, all third-party browsers on iOS and iPadOS use WebKit; Apple’s App Store policies prohibit browsers like Firefox and Chrome from bringing their own engines. (Technically, the EU is exempt from that restriction<\/a>, but developers have not yet exercised the option to distribute non-WebKit versions of their browsers for iPhone or iPad.)<\/p>\n Not having a fully up-to-date iOS version means that hackers could compromise your iPhone when you simply browse to a hacked or malicious site, or even when you view a malicious email with embedded rich Web content.<\/a><\/p>\n Apple regularly issues security updates for the current operating systems of all its devices. They occasionally issue security updates for the previous versions of their operating systems, but it’s important to be aware that updates for older Apple OS versions don’t patch all vulnerabilities<\/a>. (In certain cases, some vulnerabilities patched in today’s operating system might not have existed in last year’s operating system, but perhaps more often than not, Apple simply chooses not to back-port a patch.)<\/p>\n It can be risky to keep using the previous operating system version on any Apple device. Running an Apple device on an operating system older than the previous one is even more dangerous, because Apple has, in many cases, almost completely (or completely) stopped issuing updates.<\/p>\n Unfortunately, Apple doesn’t make this transparent to users. If you’re still using an iPhone 8 or X today, for example, your device cannot run iOS 18\u2014but you may recall getting an iOS 16 update pushed to your device a few months ago. Unless you read The Mac Security Blog, you’re probably\u00a0unaware that iOS 16 isn’t fully patched<\/strong>, which means it’s much less safe to use than iOS 18. Dozens of vulnerabilities currently remain unpatched for iOS 16. (And, in case you’re wondering, iOS 17 isn’t far behind. All devices that are compatible with iOS 17 can\u2014and should\u2014be upgraded to iOS 18.)<\/p>\n Put more bluntly, Apple gives a false sense of security by providing an incomplete set of patches to the “current minus one” OS<\/em><\/strong>, leaving users vulnerable but thinking they’re protected. The same goes for previous iPadOS and macOS versions as well. Based on Apple’s history over the past several years, we have every reason to expect that this will continue to be true throughout the lifespan of the current operating systems: iOS 18, iPadOS 18, and macOS Sequoia; the “one version old” operating systems might still get some patches, but will be significantly more vulnerable to exploitation\u2014and therefore much less safe to use.<\/a><\/p>\n Many people assume that an iPhone, if it hasn’t been damaged, should last for several years. The age at which people have traded in iPhones has increased in recent years, and now the average trade-in age is nearly three and a half years<\/a>. But this statistic masks the fact that many people don’t trade in old phones; they may keep using them for many years longer than that, or they may pass them on to family members or friends. And remember that that’s just the average. While some people upgrade yearly, others wait five, six, or seven years or longer before buying a new iPhone.<\/p>\n In order to get the maximum value out of an iPhone purchase, it makes the most sense to buy new flagship models when they are first released, usually in the fall of each year. (Note: Apple’s iPhone 16 line began shipping on September 20, 2024; see our guide to how to choose the right iPhone for you<\/a>.) Buying an iPhone as soon as new models come out will help ensure that you get as many years as possible out of your purchase (as we will continue to explore further in this article). The main thing to know is that when you buy a brand-new model, you can rest assured that it will get the maximum number of years of major new iOS releases\u2014and that means the maximum number of years of security updates, too.<\/a><\/p>\n For many years, Apple ensured that old devices were able to run the latest version of iOS. You could have bought a new iPhone in late 2015 that was still getting security updates seven years later. Until iOS 16, which was released in late 2022, you could still run the latest version of iOS on an iPhone as old as the iPhone 6S. In fact, the iPhone 6S had been the cutoff for devices supporting the latest version of iOS since iOS 13 (see the chart below).<\/p>\n In late 2023, Apple filed a regulatory document in the UK<\/a> stating that they would provide updates for a minimum of five years from the date of first sale<\/strong>. This means that an iPhone first sold in September 2024 would be guaranteed to get security updates until at least September 2029.<\/p>\n In June 2024, Apple announced the release of iOS 18, and stated that iPhones as old as the iPhone XS and iPhone XR (and, in fact, all models that supported iOS 17) would be able to run the new operating system. These devices were released in late 2018, so that means that they will effectively get at least seven years<\/strong> of updates after these models first shipped. (They may or not be able to run iOS 19; we won’t know until it’s announced in mid-2025.) So, in practice, Apple is currently offering more than five years of updates.<\/p>\n Many iPhone users don’t buy immediately after a new model comes out; some may wait until the early-fall sales in anticipation of the next model’s release, to save a bit of money. This isn’t necessarily a great idea from a security perspective, if you want to maximize the number of years you can safely get out of that device<\/strong>. But most people are completely unaware of this.<\/p>\n According to Apple’s own statistics<\/a> as of January 2025, as seen in the chart below, 19% of all iPhones were still running some version of iOS 17 (the “current minus one” release at the time). This means that their operating system was effectively at least four months old; iOS 18 came out in September 2024.<\/p>\n And worse yet, an additional 13% of all iPhones were running a version of iOS older than iOS 17\u2014meaning their operating system was effectively about two <\/em>years old or older.<\/em><\/strong> Many of these may be devices older than the iPhone 8, 8 Plus, or X, which were able to run up to iOS 16, but some may also be devices whose owners have simply not upgraded iOS, for a variety of reasons.<\/p>\n In total, 32%\u2014nearly one third\u2014of all iPhones were running an outdated operating system, and susceptible to being exploited with known vulnerabilities.<\/strong><\/em><\/p>\n As an aside, even if we focus on just the iPhone models introduced in the past four years\u2014all of which were iOS 18 compatible\u201419% of them were still running iOS 17, and an additional 5% were running something older than that. On the surface, that means that nearly 1 in 4 recent<\/em> iPhones are running a very old, outdated, and insecure operating system.<\/p>\n Of course, if Apple had given us the data to dig deeper into which specific<\/em> versions of iOS users were running (e.g. 18.1, 18.2, etc.), we would probably see that even amongst iOS 18 users, only a subset were actually installing every iOS update quickly\u2014and staying fully patched\u2014at any given time.<\/a><\/p>\n Only the iPhone XS and XR or later (which includes the iPhone SE 2nd gen, iPhone 11, and later) can run iOS 18. These are the same models that could run iOS 17.<\/p>\n Unlike macOS with OpenCore Legacy Patcher<\/a>, there’s no third-party solution to run newer iOS versions on unsupported iPhones. If you have a model that can’t run iOS 18, your only option is to buy a newer iPhone if you want security updates.<\/p>\n If you’re thinking about buying an old model of iPhone or a refurbished unit, be aware that its safe lifespan is limited. The same is true if you hand an iPhone down to a family member. It’s important to ensure that the model in question will still get major iOS updates for as long as you plan to use it.<\/p>\n Apple always sells one or two older model iPhones, still new in box, alongside the latest model. (For example, Apple currently sells the full iPhone 16 lineup, as well as iPhone 15 and 15 Plus. If we look at refurbished units<\/a>, Apple is even still selling iPhone 14 and iPhone 13 models.) From Apple’s perspective, this is a good way to reach a lower-income or more price-conscious audience, by offering iPhones that are less expensive than the newest ones.<\/p>\n (See our iPhone buyers guide to choose which model is best for you<\/a>.)<\/p>\n As we touched upon, Apple also sells some refurbished iPhone units. As of today, the oldest iPhone models that are currently listed on Apple’s website are from the iPhone 13 line, in both the U.S.<\/a> and UK<\/a> stores. The iPhone 13 line was released in September 2021, and can run iOS 18. These models will probably be able to run iOS 19 as well (which will presumably be released in fall 2025, and be fully patched until fall 2026).<\/p>\n But what about after that? Based on Apple’s commitment to the UK, Apple could choose to drop support for this model as soon as fall 2026. In theory, this means that you could potentially buy an iPhone 13, directly from Apple, that may only be safe to use for two years before it no longer receives full security updates. (On the other hand, in recent years Apple has tended to support new iOS versions on iPhone models for six or seven years after their first sale date, so you might not get cut off until as late as fall 2028. Only time will tell.)<\/p>\n This is not as bad as Apple selling the Apple Watch Series 3 new<\/em> after it had already stopped getting security updates<\/a>; it was unconscionable to sell a device after it had been cut off. Apple even continued to sell the Apple Watch Series 3 refurbished<\/em> for eight months after its last comprehensive security update.<\/p>\n You can buy used, refurbished, or even (ahem) “new” older iPhone models from many sources. Amazon sells them, eBay sellers always have plenty of stock, and mobile carriers’ stores may sell them as well. If you shop around, you’ll likely see iPhone X models, and even older. You may think you’re getting a good deal by buying an old iPhone at a super discount, but doing so may put you at risk. It may either have already been cut off from the latest major iOS version, or it may get cut off roughly a year from now, which means that you could start missing out on important security updates.<\/p>\n Not everyone can afford to buy a brand new iPhone model every few years, but it isn’t really necessary to. Buying an older model to save money can be tempting. But if you tend to use the same iPhone for many years, beware that it won’t get security updates for as many years as a new model will.<\/p>\n When is the best time to buy?<\/strong> If you want to get the maximum lifespan out of your iPhone purchase, buy it when the model is brand new, as soon as the new flagship model comes out, which is usually in the fall. If you want to keep using an iPhone for as many years as possible, avoid buying models that are already more than a year old. These models will get cut off from major iOS upgrades sooner than newer devices, which will make them unsafe to use in a shorter timeframe.<\/p>\n If you’re on a tight budget<\/strong>, consider getting the iPhone 16e, released in February 2025. While it’s not cheap, starting at $599, it has a good feature set for an entry-level iPhone.<\/a><\/p>\n You may also be interested in Intego Chief Security Analyst Josh Long’s FAQ thread<\/a> on \ud835\udd4f\/Twitter addressing common misconceptions about iPhone security updates (click<\/a> to read the full post and thread):<\/p>\n \u26a0\ufe0f I\u2019m seeing a ton of misinformation about iPhone security updates. Apparently almost nobody on \ud835\udd4f has a correct understanding of this.* \ud83e\udd26\ud83c\udffc\u200d\u2642\ufe0f Allow me to help set the record straight. \ud83c\udf4f\ud83d\udd12<\/p>\n *This is a strong argument for why Apple needs to make public commitments about how long it\u2026 pic.twitter.com\/3OxIiX99jK<\/a><\/p>\n — Josh Long (the\u00a0JoshMeister) (@theJoshMeister) October 5, 2023<\/a><\/p><\/blockquote>\n\n
The risk of not getting security updates: zero-day and zero-click exploits<\/h3>\n
Zero-click vulnerabilities<\/strong><\/h4>\n
WebKit vulnerabilities affect all iOS browsers<\/strong><\/h4>\n
Apple’s patching policy provides a false sense of security<\/h3>\n
When should you upgrade your iPhone?<\/h3>\n
Which devices can run the latest version of iOS?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/12\/ios-compatibilty.png\")
<\/h3>\nApple admits that 1\/4 of users aren’t running the current major iOS version<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/12\/iphone-compatibility-apple.png\")
<\/p>\niPhones no longer supported by iOS 18<\/strong><\/h4>\n
Think twice before buying an old model, no matter how good a “deal” it may seem<\/strong><\/h4>\n
What about refurbished iPhones?<\/strong><\/h4>\n
Should you buy a used, refurbished, or “new in box” older model of iPhone, from a third party?<\/strong><\/h4>\n
Key takeaways<\/h3>\n
How can I learn more?<\/h3>\n
\n