Apple stumbles from crisis to crisis
Oh dear oh dear Apple. You really are having a bad time just now. iCloud breaches last year, the release of software with gaping security holes, software that breaks other systems. Mr. Jobs will be dizzy from all the spinning. The latest woe is the release of code on Reddit that makes older iPads and iPhones sitting ducks for the bad guys.
The iBoot source code is what we are talking about here. Without getting too geeky, its the secret sauce that no-one should have but Apple - if you want to have secure devices that people can't hack into. It only affects iOS 9, but there are plenty older devices out there which cannot be upgraded beyond iOS 9, so are vulnerable to attack.
Estimates are that around 70 million devices are still on iOS 9, so this is no small problem. Here are the recommendations from ZDNeT, a technology news site:
Recognize that devices running iOS 9 are now on borrowed time
Consider phasing them out, especially if they are home to information that is valuable -- emails, banking, health, and so on
If you insist on continuing to use them, consider removing important information off the device
The end to iOS updates means that built-in apps such as Safari and Mail will no longer receive updates, and running outdated web browsers and email apps is a bad idea (you might want to start shifting to third-party apps -- yes, I know this is a hassle, but this is the work you have to put into keeping your device safe)
If your Wi-Fi router has a "guest network" feature, then consider setting this up and only connecting your obsolete device to this, because it will go some way to preventing any security vulnerabilities on your device and from giving hackers access to other devices on your networks (although this is far from perfect and can cause some features -- such as streaming to another device -- to stop working)
Since a common route for vulnerabilities is web browsing, it might also be worthwhile to install a VPN tool (such as Freedome) that offers the ability to filter out harmful websites
The bottom line is that anything still running iOS 9 is already vulnerable (there have been loads of iOS security fixes released since iOS 9 support ended) so you're already skating on thin ice.
This iBoot code release just made the ice a bit thinner.