Colstan
While perusing the release notes for the latest security patches for macOS, I noticed that @Cmaier's favorite CPU design tool, Vim, got two CVE entries in Big Sur, a whopping eight in Catalina, none of them overlapping. Meanwhile, Monterey 12.5 had no mention of Vim, so I assume that it is fully patched.
(Pictured - @Cmaier's emergency preparation tool for designing Opteron.)
This reminded me that not all macOS security updates are equal. While most folks here are aware of what I'm about to mention, it's important to remind less tech-savvy friends and family why they should stay on the latest version of macOS. We've all got a friend who has to be dragged kicking and screaming to do an operating system update. However, even though Apple is still releasing security patches for older versions of macOS, it doesn't mean that they are fully protected.
With macOS 12.5, Monterey received 50 security patches listed in Apple's release notes, on top of whatever unnamed bug fixes and stability improvements that Apple presumably included. Comparatively, the updates for Big Sur and Catalina only had 29 security patches. While some of that could be attributed to different software versions (such as the almighty Vim), much of it comes down to Apple not bothering to backport some of those fixes to earlier versions. Howard Oakley has been covering this for years, along with Apple's various methods for enticing users to upgrade to the latest version of macOS. Stating that a vulnerability is under "active exploit" is the most immediate and jarring method, but simply patching fewer flaws in older versions is another way of shepherding users toward the latest release.
At one point in time, back when the Mac operating system was marketed as OS X, it made sense to hang back a version or two, waiting for the release to mature. That no longer makes sense, now that Apple puts the vast majority of its engineering resources into the most current and upcoming versions of macOS. I try to keep my non-tech friends and family on the most recent non-beta version of macOS, because there are few good reasons to stay behind. If they are using Windows, strapped to the wheel of pain, then that is understandable, but most new macOS updates are painless.
For various reasons, I kept Mojave on my 2018 Mac mini for as long as it received security patches, but given how many of those security patches don't get backported to previous versions, it's wise to stay current. There's nothing wrong with waiting a few days to make sure that there are no serious widespread issues with a release, but the idea that it's best to hold off on the latest version is antiquated, at this point. The only exceptions are, of course, if you're using an older Mac that can't use the latest version, but we need to keep in mind that not every fix will make it to those systems that exist in the two-year security patch twilight zone.