If you own an older iPhone that hasn’t been updated in a while, Apple may have already gotten your attention. Starting in recent weeks, the company has begun pushing persistent lock screen notifications to iPhones running iOS 13 through iOS 17, urging owners to install available software updates. The warnings are harder to ignore than the usual red badge on the Settings icon, and for good reason: devices stuck on outdated iOS versions remain exposed to security flaws that attackers are actively exploiting.
Why Apple is pushing harder than usual
Apple has always nudged users toward software updates, but lock screen warnings represent a notable escalation. Typically, the company relies on pop-up prompts or a notification badge within the Settings app. Placing alerts directly on the lock screen, visible before a user even unlocks their phone, signals that Apple considers the risk serious enough to break from its usual approach.
The urgency traces back to a class of vulnerabilities in WebKit, the browser engine that powers Safari and every other browser on iOS. One of the most significant is CVE-2021-30952, a memory corruption flaw that allows an attacker to run code on a target device simply by getting the user to visit a malicious web page. Apple patched this vulnerability in December 2021 with the release of iOS 15.2, but any iPhone that never received that patch, or that runs a version of iOS where the fix was never backported, remains vulnerable.
This is not a theoretical concern. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-30952 to its Known Exploited Vulnerabilities (KEV) catalog, a list that only includes flaws with confirmed evidence of real-world exploitation. Inclusion in the KEV catalog triggers mandatory remediation deadlines for all U.S. federal civilian agencies. When CISA puts a vulnerability on that list, it is stating, based on its own intelligence, that attackers have used it against real targets.
Which iPhones are affected
The lock screen warnings appear on devices running iOS 13 through iOS 17, but the risk level varies significantly depending on the hardware.
iPhones that support iOS 18, Apple’s current major release as of June 2026, can resolve the issue by updating to the latest version. That includes the iPhone XS and newer models. For these users, the lock screen warning is a straightforward prompt: update your software and the known vulnerabilities go away.
The situation is more complicated for owners of older hardware. The iPhone 7 and 7 Plus max out at iOS 15, the iPhone 8 and X can reach iOS 16, and the iPhone XS through iPhone 11 lines support iOS 17. Apple has continued to release security patches on the iOS 17.7.x and iOS 16.7.x branches for some of these devices, which means owners should check Settings > General > Software Update to see if a newer point release is available, even if they cannot jump to iOS 18.
Devices stuck on iOS 13 or iOS 14, such as the iPhone 6S and original iPhone SE, are in the most precarious position. Apple no longer issues security updates for these versions, so the WebKit vulnerabilities flagged by CISA will remain unpatched permanently on that hardware.
What Apple has and hasn’t said
Apple has not published a formal statement explaining the scope or timing of this lock screen notification campaign. The company has not disclosed how many devices are receiving the alerts, and it has not released any breakdown of how many iPhones worldwide still run older iOS versions. Independent analytics firms like Mixpanel and Statcounter publish iOS version share estimates, but Apple’s own data remains internal.
The company also has not offered tailored guidance for users whose hardware cannot support current software. There is no Apple support document, as of June 2026, advising iPhone 6S or iPhone 7 owners on how to mitigate WebKit vulnerabilities if they choose to keep using their devices. Security researchers have suggested practical steps: avoid clicking unfamiliar links, stick to trusted apps rather than logging into services through Safari, and consider disabling JavaScript in Safari’s settings. These are risk-reduction measures, not fixes, and none carry Apple’s official endorsement.
The broader tension between security and device longevity
Apple supports its hardware with software updates longer than most smartphone manufacturers. An iPhone purchased in 2018 may still be receiving security patches in 2026. But every device eventually falls off the update cycle, and when it does, any unpatched vulnerability becomes a permanent fixture of that phone’s security profile.
CVE-2021-30952 is a clear example of why that matters. WebKit flaws are particularly dangerous on iOS because Apple requires all browsers on the platform to use WebKit as their rendering engine. Switching from Safari to Chrome or Firefox does not help; the underlying vulnerable code is the same. A single malicious web page can potentially compromise the device regardless of which browser the user prefers.
For owners of unsupported iPhones, the lock screen warning amounts to Apple acknowledging a problem it cannot solve with software. The phone still works. It still makes calls, runs apps, and takes photos. But it carries a documented, actively exploited security gap that will not be closed. Whether Apple intends these notifications to accelerate hardware upgrades or simply to make the residual risk visible, the practical effect is the same: users must weigh the cost of replacing a functional phone against the reality of using a device with a known open door.
Anyone seeing these warnings should start by checking for available updates in Settings > General > Software Update. If your iPhone can reach iOS 18, install it. If it can only reach iOS 17.7.x or iOS 16.7.x, install the latest point release available. And if your device is stuck on iOS 15 or earlier with no further updates offered, it may be time to seriously consider whether that phone should still be your daily driver.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
