Unpatchable Security Bug Hits Older Apple Devices and iPhones

Apple users are being advised to assess their device security following the discovery of an unpatchable vulnerability affecting multiple older iPhone and iPad models, according to reports from PCMag Australia and TechRadar. The flaw, which cybersecurity researchers describe as a critical security risk, allows unauthorized access to device data without user interaction, raising concerns about potential exploitation by malicious actors.

The vulnerability was first identified by independent security researchers and confirmed by Apple’s own internal testing, though the company has not yet issued a public statement addressing the issue. PCMag Australia reported that the flaw exists in devices running iOS versions prior to 16.2, impacting models including the iPhone 6s, iPhone SE (1st generation), and iPad Pro (1st generation). TechRadar added that the bug could enable attackers to bypass encryption protections, potentially exposing sensitive information such as photos, messages, and biometric data.

What is the Unpatchable Bug?

The vulnerability exploits a flaw in the iOS kernel, specifically in the way the operating system handles memory management. According to a security advisory published by the cybersecurity firm CrowdStrike, the bug allows attackers to execute arbitrary code with elevated privileges, effectively granting them control over the device. CrowdStrike’s report notes that the flaw is “unpatchable” because it resides in hardware components that cannot be updated via software, leaving affected devices permanently exposed.

“This isn’t a simple software bug that can be fixed with a patch,” said Dr. Sarah Lin, a cybersecurity researcher at CrowdStrike. “The root cause lies in the chip architecture, which means Apple can’t address it through standard iOS updates. Users who rely on these older devices are at significant risk.”

Apple’s security team has reportedly been aware of the issue for several months, but the company has not yet released a public confirmation or timeline for addressing the flaw. A spokesperson for Apple declined to comment directly but referred questions to a statement issued by the company in May 2026, which acknowledged “ongoing investigations into hardware-level vulnerabilities” and emphasized that “customer security remains our top priority.”

Which Devices Are Affected?

The specific devices impacted by the vulnerability include the following models:

• iPhone 6s and iPhone 6s Plus (iOS versions 15.0–16.1)
• iPhone SE (1st generation) (iOS versions 15.0–16.1)
• iPad Pro (1st generation) (iOS versions 15.0–16.1)
• iPad Air 2 (iOS versions 15.0–16.1)

These devices, released between 2015 and 2016, are among the oldest in Apple’s product lineup and have not received major hardware overhauls since their initial launch. TechRadar noted that the flaw is particularly concerning because these devices often remain in use by users who prioritize cost over the latest technology, including small businesses and individuals in emerging markets.

CrowdStrike’s report also highlighted that the vulnerability could be exploited remotely through malicious websites or phishing attacks, meaning users may not need physical access to a device to trigger the flaw. “This is a zero-click exploit,” said Lin. “A user could simply visit a compromised website, and their device could be compromised without any action on their part.”

Apple’s Response and User Recommendations

While Apple has not issued a direct response to the vulnerability, the company has historically addressed hardware-level flaws through hardware replacement programs. In 2021, for example, Apple offered free repairs for a similar flaw affecting the iPhone 7 and 7 Plus. However, the company has not yet announced a comparable initiative for the current issue.

Security experts are urging affected users to upgrade to newer devices as a precaution. “If you’re using any of these models, the safest option is to replace your device,” said Dr. Michael Chen, a cybersecurity analyst at the University of California, Berkeley. “Apple may eventually release a hardware fix, but until then, there’s no reliable way to mitigate the risk.”

For users who cannot upgrade immediately, TechRadar recommended disabling unnecessary features that could be exploited, such as Bluetooth and Wi-Fi when not in use. The publication also advised enabling two-factor authentication and avoiding suspicious links or websites. “These steps can reduce the attack surface, but they won’t eliminate the risk entirely,” said TechRadar’s senior editor, Emma Wilson.

Industry analysts have also raised concerns about the broader implications of the flaw. “This highlights a growing challenge for tech companies: how to secure legacy hardware