Security & Privacy
Posted on
by
Joshua Long
Every year, I inevitably see sales on tech devices on Black Friday, Cyber Monday, and throughout the holiday shopping season. And every year, some of those “deals” make me cringe.
It’s important to avoid buying tech that’s already vulnerable—or is so old that it may soon have perpetual security vulnerabilities. Retailers often sell these devices at deep discounts to clear out their inventories.
Here’s how to avoid buying dangerously outdated tech, both during the holiday shopping season and throughout the year.
In this article:
Avoiding dangerously outdated Apple devices
First, let’s take a look at which Apple devices you should avoid buying—and why.
As a general overview, it’s important to understand that Apple only releases complete security updates for devices that can run the very latest Apple OS.
If you have a device that can’t run a fully patched OS, then using it as an Internet-connected device isn’t entirely safe; it’s more susceptible to hacking and malware infections.
This is demonstrably true for Mac, iPhone, iPad, and Apple Watch; if they can’t run the latest macOS, iOS, iPadOS, or watchOS, they’re no exception to the rule. (To date, there haven’t been reports of watchOS malware in particular. But nevertheless, it’s unwise to wear an Internet-connected smartwatch that’s known to have exploitable vulnerabilities; they can display text messages, which could contain malicious attachments.)
Unfortunately, Apple products don’t come with any guarantee of security updates until a specific date after a given model is first sold. Similarly, Apple doesn’t guarantee support for a specific number of years after the last date of sale; in fact, we even saw Apple continue selling an expired (dangerous) product last year. So all we can do is extrapolate based on how long Apple has supported previous hardware, and generally try to avoid buying the oldest still-supported models.
Macs
Only the following Mac models can officially run macOS Sequoia:
- MacBook Air (2020 or newer)
- MacBook Pro (2018 or newer)
- iMac (2019 or newer)
- iMac Pro (2017)
- Mac mini (2018 or newer)
- Mac Pro (2019 or newer)
- Mac Studio (2022 or newer)
If you see a Mac on sale that’s older than this, don’t buy it. Not only is the hardware more than four years old, but it is already unsafe to use because it cannot run a fully patched macOS—at least not without Apple’s support or blessing.
Similarly, if you find “deals” on Mac models first released around 2017–2020, even if they’re on the list above, consider the possibility that you may get just under a year or two of running a fully patched macOS; after that, they may only run a previous year’s not-fully-patched macOS. You’ll need to determine whether the sale price point makes it worth the risk of potentially not having a fully patched Mac in less than 1–2 years from now. (Technically, you might be able to run an newer macOS version on older Macs that don’t support it. However, it may not always be possible for third parties to modify future macOS versions to add backward compatibility.)
iPhones
Let’s take a look at iPhones next. Only the following iPhone models can run iOS 18:
- iPhone XR
- iPhone XS Max and XS
- iPhone 11 Pro Max, 11 Pro, and 11, or newer
- iPhone SE (2nd generation) or newer
If you see an iPhone on sale that’s older than this, don’t buy it. (This includes, for example: iPhone X, iPhone 8 Plus and 8, and iPhone SE 1st generation.) Not only is such hardware six or more years old, but it is already unsafe to use because it cannot run a fully patched iOS.
Similarly, avoid “deals” on iPhone XR, XS, or XS Max; these models were released in 2018 and have an A12 Bionic chip, and iPhone XS Max is already on Apple’s “vintage products” list. Also be cautious about all iPhone 11 models and iPhone SE (2nd generation); these models were released in late 2019 or early 2020 have an A13 Bionic chip. There’s a good possibility that if you buy any of these models now, you may get less than a year of running a fully patched iOS; after that, these may only run a previous year’s not-fully-patched iOS. You’ll need to determine whether the sale price point makes it worth the risk of potentially not having a fully patched iPhone in less than a year from now, if Apple doesn’t support iOS 19 on that model in 2025.
And if you see anyone selling an iPod touch, don’t buy it; Apple discontinued the 7th-gen model in 2022, just three months before iOS 16’s release, and didn’t even offer iOS 16 for it. In other words, all iPod touch models can only run an outdated and highly vulnerable version of iOS; none of these devices are safe to use online in 2024.
iPads
Next, let’s look at iPads. Only the following iPad models can run iPadOS 18:
- iPad (7th generation) or newer
- iPad Air (3rd gen) or newer, including 13-inch (M2)
- iPad mini (5th gen) or newer, including A17 Pro
- iPad Pro 11-inch (1st gen) or newer, including M4
- iPad Pro 12.9-inch (3rd generation) or newer
- iPad Pro 13-inch (M4)
Again, if you see an iPad on sale that’s older than this (including iPad Pro 10.5-inch), don’t buy it. It is already unsafe to use because it cannot run a fully patched iPadOS.
As with iPhones, be cautious about buying any models on the older end of the spectrum, relative to age and processor generation. These include:
- iPad (7th gen) — A10 Fusion chip, released Sep 2019
- iPad (8th gen) — A12 Bionic chip, released Sep 2020
- iPad Air (3rd gen) — A12 Bionic chip, released Mar 2019
- iPad mini (5th gen) — A9 chip, released Mar 2017
- iPad Pro 11-inch (1st gen) — A12X Bionic chip, released Oct 2018
- iPad Pro 11-inch (2nd gen) — A12Z Bionic chip, released Mar 2020
- iPad Pro 12.9-inch (3rd gen) — A12X Bionic chip, released Oct 2018
- iPad Pro 12.9-inch (4th gen) — A12Z Bionic chip, released Mar 2020
If you see sales on any of the iPad models in the list above, consider that you might get less than a year or two of running a fully patched iPadOS; after that, it might only run a previous year’s not-fully-patched iPadOS. You’ll need to determine whether the sale price point makes it worth the risk of potentially not having a fully patched iPad in less than 1–2 years from now.
Apple Watches
Thankfully, the Apple Watch lineup is much simpler.
Don’t buy any Apple Watch Series 5 or older, or Apple Watch SE (1st generation). These devices are no longer getting security updates.
Be cautious about deals on Apple Watch Series 6, or Apple Watch SE (2nd generation). These models will turn five years old and could potentially get cut off from security updates less than a year from now, when Apple releases watchOS 12 in fall 2025. So I’d recommend avoiding them; but if you do buy one, my advice is to only spend as much as you think nine months’ usage is worth.
Beware of outdated Android and ChromeOS devices
Android smartphones and tablets
If you’re thinking about buying a Google Pixel smartphone, check Google’s page that lists each model’s anticipated end of security updates. (Notably, Google has promised a stunning seven years of security updates for its Pixel 8 Pro and 8 smartphones, as well as later models.) Even alternative Android operating systems like GrapheneOS (a privacy-focused, de-Googled version of Android) typically stick to Google’s official support timelines.
Other Android smartphone manufacturers will have their own separate policies on how many years of security updates they guarantee. For example, Samsung’s policy is to offer security updates for seven years for Galaxy S24 or later smartphones, or four years for tablets and watches. For other manufacturers, you’ll have to check their support sites for details.
Chromebooks and other ChromeOS devices
Google maintains a comprehensive list of all ChromeOS devices (including Chromebooks) and their anticipated final month of security updates. Conveniently, this page lists devices from all third-party manufacturers, too, making it relatively easy to find a particular product’s lifespan.
Before you buy a Chromebook, check the list to ensure that the model you’re considering has at least a year or more of updates remaining. After you make your purchase, you may want to mark your calendar as a reminder of when security updates will end for that device.
If you plan to use your new Chromebook for as many years as possible, you may wish to first search the list for models with several years of updates remaining. Then you can work backwards and try to find sales on those specific models. There are a handful of devices that already boast a June 2034 end of life, and more than 50 models that claim to offer OS updates through June 2033!
Don’t buy outdated Wi-Fi routers
The current wireless network standard is Wi-Fi 7 (IEEE 802.11be)—but Wi-Fi 6E (the latest version of the IEEE 802.11ax standard) is still widely in use today. The only Apple devices that currently support Wi-Fi 7 as of late 2024 are the iPhone 16 lineup; presumably future Apple products released in 2025 will begin to support Wi-Fi 7.
This year, many stores will try to sell you discounted Wi-Fi 6 (an earlier version of the 802.11ax standard) or even Wi-Fi 5 (IEEE 802.11ac) wireless routers or access points.
You should definitely avoid all routers designated as either Wi-Fi 5 or 802.11ac. Why? You might assume it’s because it’s simply an older, slower standard. But the more important reason is that routers based on this standard were mostly released between 2014 and 2019. That very likely means that many deeply discounted Wi-Fi 5 routers are either no longer getting firmware security updates, or could stop getting updates soon.
In fact, many Wi-Fi 6 routers were first released in 2019 or 2020. So even routers designated as “Wi-Fi 6” may be old, outdated, and no longer getting security updates. For this reason, we recommend buying Wi-Fi 7 routers—or Wi-Fi 6E at minimum, after verifying with the manufacturer that the model is still supported.
How can you know if a Wi-Fi router is outdated?
Unfortunately, many router manufacturers will never notify you when they’ve stopped releasing updates for a particular model; if you already own one, you just have to assume they’re no longer getting updates if it has been a year or more since they released the most recent update. If you haven’t bought a router yet, often the best you can do is to try to find information about the most recent firmware update for that model on the company’s support site.
This is why in 2024, I recommend buying routers designated as Wi-Fi 7, even though you’ll have to pay a bit more for them. You probably don’t really need Wi-Fi 7 just yet. But buying 7 ensures that you have a router that was released as recently as possible. And that, more often than not, is the easiest way to identify that a router will continue getting firmware updates as far into the future as possible.
Identifying other outdated tech to avoid
As a general rule, I recommend buying the latest generation of any Internet-connected tech hardware, ideally soon after it’s released. This usually ensures that you’ll get the maximum years of security updates for that product.
There’s one exception to that rule, however. If you’re considering buying a device like a smartphone that’s a year or two (i.e. a generation or two) old, that might be okay for your needs, too; just be sure you know roughly how long it will get security updates, and decide whether you feel it’s worth the trade-off between the lower price and shorter lifespan. Not everyone necessarily requires the maximum number of years of security updates, if you’re likely to trade in or sell that device (e.g. phone, tablet, or computer) in two or three years anyway.
Retailers like Amazon sometimes disclose in the product title or description when a product is a previous-generation model. Sometimes, but not always—so be careful.
Amazon Kindle e-readers
But Amazon Kindle e-readers in particular have a security update policy that I like. The company guarantees “software security updates until at least four years after the device is last available for purchase on our websites.” Amazon lists all the Kindle models that will get updates through at least 2028. Four years isn’t necessarily impressive, but I really appreciate that the policy is based on the last date of sale, not on the first date of sale for a given Kindle model.
(Imagine if Apple based its security update policy on the last-sold date; it could have avoided selling Apple Watch Series 3 past its expiration date, and could have given the last two iPod touch models additional years of full security updates, rather than merely three months after discontinuing them.)
Beware of buying Kindles from third-party sellers like eBay. You won’t get the same longevity guarantee if you buy an older model that Amazon itself isn’t currently selling.
Internet of Things (IoT) devices
What if I’ve already bought dangerous tech?
Unfortunately, with many so-called “Black Friday” sales now often extending back as far as November 1, you might have already purchased some tech items. And you might just now realize that they might be hazardous to your security and privacy, or might soon be.
What can you if you regret your recent purchase? It really depends on the retailer.
Amazon usually has a decent return window—though it may not necessarily extend much later than Christmas. With eBay, sellers choose whether or not to accept returns on a particular item; check the item’s listing for details.
Larger retail stores like Target and Costco tend to have reasonable return policies. Costco doesn’t sell much outdated tech other than Wi-Fi 6 routers (which are only arguably outdated; many network equipment manufacturers still sell Wi-Fi 6 products alongside Wi-Fi 7 and 6E products).
But you’re more likely to find old tech for sale at Target, especially in its online store. For example, imagine my surprise when, in November 2024, I found an iPhone 7 (a 2016 model) still being sold at target.com. This model can’t run iOS 18, and in fact is stuck all the way back on iOS 15.
Amazon, too, notoriously sells old tech products as “new;” a quick search revealed iPhones as old as the 6S (2015) and SE 1st gen (2016) being sold as new—and Amazon itself sells the latter, not a third-party seller.
Intego’s 2024 Black Friday deals
At least you don’t have to worry about Intego’s software being unsupported soon. Here are all of our Black Friday deals for this year—valid from Monday, November 25 through Sunday, December 1, 2024:
Remember to use the links above to maximize your savings. And share these deals with your friends and family so they can save big as well!
How can I learn more?
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels:
About Joshua Long
Joshua Long (@theJoshMeister), Intego’s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master’s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which is often featured by major news outlets worldwide. Look for more of Josh’s articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon.
View all posts by Joshua Long →