Apple has announced that, starting June 30, customers will no longer be able to change their iTunes or App Store payment information from devices running iOS 4.3.5 or earlier, OS X 10.8.5 or earlier, or Apple TV Software 4.4.4 or earlier.
In an email to customers who may be impacted, Apple said it is implementing this change to continue to ensure that their financial information is protected when they make purchases on the iTunes Store or App Store. For emphasis, this appears to be a proactive move, not the result of a security breach.
Given how old the affected software versions are, relatively few customers should be impacted by this move. iOS 4.3.5 and Apple TV Software 4.4.4 were both released in 2011, while macOS 10.8.5 was seeded in September 2013 as the final update to what was then called OS X Mountain Lion.
If you're using one of these versions on your device and need to change your payment method, Apple says to update your device to the latest version of the software. Of course, this may not be possible on older devices that have been phased out, in which case a newer device with newer software must be used.
The full email to customers courtesy of MacRumors reader Rich:
On June 30, 2018, Apple will implement changes to continue to ensure your financial data is protected when you make purchases on the iTunes Store or App Store.
Our records show that you may be accessing the store from an older version of iOS, macOS, or Apple TV software:
- iOS 4.3.5 or earlier
- macOS 10.8.5 or earlier
- Apple TV Software 4.4.4 or earlierTo be able to change your payment information with devices running the software listed above, you'll need to update to a more recent software version.
The email was also shared on Reddit.
Apple provides more details, instructions on how to update to the latest version of iOS, macOS, and Apple TV software, and steps to change your payment method, in a support document related to this change.
Update: As noted by MacRumors forum member Cdbrawn, this change appears to be in line with the PCI-SSC's requirement that all businesses processing payments online must transition to TLS 1.1 encryption or better by June 30, 2018. The affected iOS, OS X, and Apple TV software versions use TLS 1.0.
Top Rated Comments
These will be the TLS 1.0 OS versions.
Apple are doing what all the large card processors are doing.
Why not just support all software forever?
My guess is that they are ramping up the Transport Layer Security (TLS) for communicating with the payment data backend and require stronger encryption. If older versions don't support the required cyphers they won't be able to connect.The problem is that this sort of stuff is as strong as the weakest link. If you allow weaker encryption for older devices it would reduce security for everyone because attackers can use downgrade attacks by pretending to be an old device. Spending a lot of effort on fixing old software for what is likely a fairly small group of people will not be worth it.
Gotta love that ecosystem/forced obsolescence
It's not forced obsolesce. You guys want less bloat in new versions of iTunes, then you gotta stop support of legacy versions of it. This is 100% the norm in software development. You can't have backwards compatibility forever.Gotta love that ecosystem/forced obsolescence
And people wonder why the Internet is so fully of misinformation ....Stop the conspiracy theory whining. All companies must stop using TLS 1.0 by June 30 to meet PCI-DSS standards.
Was going to say the same. There's going to be a lot of older devices from many vendors that are obsoleted by this.These will be the TLS 1.0 OS versions.
Apple are doing what all the large card processors are doing.