On 25-01-2023 03:09 Jolly Roger <
jolly...@pobox.com> wrote:
> he doesn't *care*
I think I do care to understand what that link says about Apple releases.
But you say I don't care because you read the same link but you came to a
different conclusion than I did about what that link says about releases.
Since you say you care how Apple releases iOS & macOS, what do you think
this link says about why and how Apple clarified its own release policy?
https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
I'll type is up below for you so that you don't even have to click it.
What specifically are you saying is wrong that is said in the link below?
Apple clarifies security update policy.
Only the latest OSes are fully patched.
New document confirms what security researchers have observed for years.
ANDREW CUNNINGHAM - 10/27/2022, 9:48 PM
UPGRADE TO GET YOUR UPDATES
Earlier this week, Apple released a document clarifying its terminology and
policies around software upgrades and updates. Most of the information in
the document isn't new, but the company did provide one clarification about
its update policy that it hadn't made explicit before: Despite providing
security updates for multiple versions of macOS and iOS at any given time,
Apple says that only devices running the most recent major operating system
versions should expect to be fully protected.
Apple isn't actually patching all the security holes in older versions.
Throughout the document, Apple uses "upgrade" to refer to major OS releases
that can add big new features and user interface changes and "update" to
refer to smaller but more frequently released patches that mostly fix bugs
and address security problems (though these can occasionally enable minor
feature additions or improvements as well). So updating from iOS 15 to iOS
16 or macOS 12 to macOS 13 is an upgrade. Updating from iOS 16.0 to 16.1 or
macOS 12.5 to 12.6 or 12.6.1 is an update.
"Because of dependency on architecture and system changes to any current
version of macOS (for example, macOS 13)," the document reads, "not all
known security issues are addressed in previous versions (for example,
macOS 12)."
In other words, while Apple will provide security-related updates for older
versions of its operating systems, only the most recent upgrades will
receive updates for every security problem Apple knows about. Apple
currently provides security updates to macOS 11 Big Sur and macOS 12
Monterey alongside the newly released macOS Ventura, and in the past, it
has released security updates for older iOS versions for devices that can't
install the latest upgrades.
Some Macs are getting fewer updates than they used to.
Here's why it's a problem.
This confirms something that independent security researchers have been
aware of for a while but that Apple hasn't publicly articulated before.
Intego Chief Security Analyst Joshua Long has tracked the CVEs patched by
different macOS and iOS updates for years and generally found that bugs
patched in the newest OS versions can go months before being patched in
older (but still ostensibly "supported") versions, when they're patched at
all.
This is relevant for Mac users because Apple drops support for older Mac
and iDevice models in most upgrades, something that has accelerated
somewhat for older Intel Macs in recent years (most Macs still receive six
or seven years of upgrades, plus another two years of updates). This means
that every year, there's a new batch of devices that are still getting some
security updates but not all of them. Software like the OpenCore Legacy
Patcher can be used to get the newest OS versions running on older
hardware, but it's not always a simple process, and it has its own
limitations and caveats.
That said, this probably shouldn't dramatically change your calculus for
when to upgrade or stop using an older Mac. Most people running an
up-to-date Big Sur or Monterey installation with an up-to-date Safari
browser should be safe from most high-priority threats, especially if you
also keep the other apps on your Mac updated. And Apple's documentation
doesn't change anything about how it updates older software; it merely
confirms something that had already been observed.
We've asked Apple to be more upfront about its security communication, and
this is a step forward in that regard. But if you believe you're being
specifically targeted by attackers, you have another reason to make sure
your software (and hardware) are fully updated and upgraded.