Apple has announced that, starting June 30, customers will no longer be able to change their iTunes or App Store payment information from devices running iOS 4.3.5 or earlier, OS X 10.8.5 or earlier, or Apple TV Software 4.4.4 or earlier.
In an email to customers who may be impacted, Apple said it is implementing this change to continue to ensure that their financial information is protected when they make purchases on the iTunes Store or App Store. For emphasis, this appears to be a proactive move, not the result of a security breach.
Given how old the affected software versions are, relatively few customers should be impacted by this move. iOS 4.3.5 and Apple TV Software 4.4.4 were both released in 2011, while macOS 10.8.5 was seeded in September 2013 as the final update to what was then called OS X Mountain Lion.
If you're using one of these versions on your device and need to change your payment method, Apple says to update your device to the latest version of the software. Of course, this may not be possible on older devices that have been phased out, in which case a newer device with newer software must be used.
The full email to customers courtesy of MacRumors reader Rich:
On June 30, 2018, Apple will implement changes to continue to ensure your financial data is protected when you make purchases on the iTunes Store or App Store.
Our records show that you may be accessing the store from an older version of iOS, macOS, or Apple TV software:
- iOS 4.3.5 or earlier
- macOS 10.8.5 or earlier
- Apple TV Software 4.4.4 or earlierTo be able to change your payment information with devices running the software listed above, you'll need to update to a more recent software version.
The email was also shared on Reddit.
Apple provides more details, instructions on how to update to the latest version of iOS, macOS, and Apple TV software, and steps to change your payment method, in a support document related to this change.
Update: As noted by MacRumors forum member Cdbrawn, this change appears to be in line with the PCI-SSC's requirement that all businesses processing payments online must transition to TLS 1.1 encryption or better by June 30, 2018. The affected iOS, OS X, and Apple TV software versions use TLS 1.0.
Top Rated Comments
These will be the TLS 1.0 OS versions.
Apple are doing what all the large card processors are doing.
The problem is that this sort of stuff is as strong as the weakest link. If you allow weaker encryption for older devices it would reduce security for everyone because attackers can use downgrade attacks by pretending to be an old device. Spending a lot of effort on fixing old software for what is likely a fairly small group of people will not be worth it.