Earlier this week, Apple released a document clarifying its terminology and policies about software program upgrades and updates. Most of the data in the document is not new, but the firm did offer 1 clarification about its update policy that it hadn’t created explicit just before: Despite delivering safety updates for various versions of macOS and iOS at any offered time, Apple says that only devices operating the most current important operating technique versions should really count on to be completely protected.
Throughout the document, Apple utilizes “upgrade” to refer to important OS releases that can add significant new options and user interface adjustments and “update” to refer to smaller sized but a lot more often released patches that largely repair bugs and address safety complications (even though these can sometimes allow minor function additions or improvements as properly). So updating from iOS 15 to iOS 16 or macOS 12 to macOS 13 is an upgrade. Updating from iOS 16. to 16.1 or macOS 12.five to 12.six or 12.six.1 is an update.
“Because of dependency on architecture and technique adjustments to any existing version of macOS (for instance, macOS 13),” the document reads, “not all recognized safety challenges are addressed in earlier versions (for instance, macOS 12).”
In other words, though Apple will offer safety-connected updates for older versions of its operating systems, only the most current upgrades will obtain updates for each safety challenge Apple knows about. Apple at the moment gives safety updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura, and in the previous, it has released safety updates for older iOS versions for devices that cannot set up the most recent upgrades.
This confirms anything that independent safety researchers have been conscious of for a while but that Apple hasn’t publicly articulated just before. Intego Chief Security Analyst Joshua Long has tracked the CVEs patched by distinct macOS and iOS updates for years and usually identified that bugs patched in the newest OS versions can go months just before getting patched in older (but nevertheless ostensibly “supported”) versions, when they are patched at all.
This is relevant for Mac customers for the reason that Apple drops help for older Mac and iDevice models in most upgrades, anything that has accelerated somewhat for older Intel Macs in current years (most Macs nevertheless obtain six or seven years of upgrades, plus an additional two years of updates). This indicates that each year, there is a new batch of devices that are nevertheless getting some safety updates but not all of them. Software like the OpenCore Legacy Patcher can be employed to get the newest OS versions operating on older hardware, but it really is not normally a easy method, and it has its personal limitations and caveats.
That mentioned, this almost certainly should not considerably transform your calculus for when to upgrade or quit applying an older Mac. Most persons operating an up-to-date Big Sur or Monterey installation with an up-to-date Safari browser should really be secure from most higher-priority threats, specially if you also retain the other apps on your Mac updated. And Apple’s documentation doesn’t transform something about how it updates older software program it merely confirms anything that had currently been observed.
We’ve asked Apple to be a lot more upfront about its safety communication, and this is a step forward in that regard. But if you think you are getting especially targeted by attackers, you have an additional purpose to make confident your software program (and hardware) are completely updated and upgraded.