PSA: Why it's best to stay current with macOS.

Arkitect

I spent a couple months with the BT issue, mouse with random disconnects, you know the drill, it was unacceptable, and Apple didn't seem concerned, so a little research and I found the solution. This BT adapter for $15:


That product uses a CSR8510 based chip which has native MacOS drivers. Then this VRAM setting:

sudo nvram SkipIOBluetoothHostControllerUARTTransport=%01

Disables the onboard BT, even through a power cycle, and the USB BT dongle becomes the single active, default BT interface.

I did this 2+ years ago, and have almost no BT issues (I might have a stray mouse issue once a month if that). Some people plugged the dongle directly into the USB-A port on the Mini, but some people, to isolate it a little more, use an extension cable, or run it off a USB-C port with an adapter cable, or plug it into a hub - and in my case, since I used a wired KB with 2 USB ports, I plug it into one of those so it's like 2 feet from the machine, and right next to my mouse.

Seriously, give it a try, I think you'll be incredibly pleased at the reduction of BT issues (to almost none), especially for under $20 :)
Thank you very much!
I seem to be able to order it from the US Amazon site. 👍

Have you had any issues with HandOff? I find it incredibly useful so hopefully that'll work well.

Right now, my Mini is on its side, arse facing towards me, none of the USB-A ports in use… *sigh* and still my Magic Trackpad and Keyboard get regular spasms and BT audio is just, yeah, anything beyond desk range is a misery.
 

DT

@Arkitect

Everything works how you would expect the factory BT to work, it's pretty much transparent. I run my MM, I'm able to AirDrop (that I believe is negotiated through BT, even though it's over WiFi), I get Hand-off prompts, etc.

And mine is plugged in way downstream too:

Mini >> USB-C_to_A adapter >> USB cable >> Display Hub >> Hub >> KB >> Dongle

Hahaha, that's a little convoluted, I don't really need to use the display hub with another hub sitting here, some of that was temporary, but worked, so I never messed with it :)

The trick with this is disabling the built-in BT, MacOS fires up, looks for the OEM BT, and discovers the dongle instead. There was another method where you used an XCode tool to disable the OEM, enable the external dongle, but that doesn't survive a reboot. This is also totally reversible, just remove that VRAM setting like so:

sudo nvram -d SkipIOBluetoothHostControllerUARTTransport

Reset, onboard BT is active again, happy to continue doing its half assed job of connectivity :ROFLMAO:
 

Arkitect

Brilliant.
Thanks again!
 

DT

Oh one more thing :)

It's super handy to have a wired keyboard and mouse when you're fiddling around with the BT (anything USB will work, even PC products).
 

Clix Pix

All up to date now in this household! Did the 15" 2018 MBP yesterday afternoon and also the two iOS iPhones and two iPadOS iPads.... Still haven't done the Apple Watch, though. It always seems to bring up the rear in the updating parade. Earlier this afternoon did the 2017 12" MacBook and the 13" 2020 M1 MBP. I've always been a firm believer in keeping up with software updates. Sometime either this year or next year I'll be replacing the 2018 MBP, as I can see by the pattern of how things are going, it likely won't be eligible to get the MacOS that comes after Ventura. I can pretty well predict that Ventura will definitely be the last MacOS for the 12" MacBook, and that's OK, as in the past I used that mainly for travel anyway and when I bought the 2020 M1 I anticipated I'd be using that for travel in the future. I had intended to sell the 12" MB, but never got around to it and at some point decided I might as well just keep it. Such a lovely little machine....
 

sgtaylor5

I hear you. I'm going to keep my 2018 Mac mini going for as long as I can and I don't need anyone to explain to me why I should switch right now when it's doing its job just fine. I invested a lot into RAM upgrades, eGPU, etc. That's much more than the $700 I originally put into it. My philosophy is to use what you have until you absolutely need to replace it, then buy the best you can reasonably afford, and enjoy the hell out of it. That's what I plan with my eventual move to Apple Silicon.

Even though I'm not in the target market for the Mac Pro, I spent some time babysitting in that forum over at the other place, and they're absolutely livid about the latest Apple Silicon rumors for their favorite product. One solution I heard was for Apple to continue to release Xeon Mac Pros to "make professionals happy". There seems to be a subset of individuals that just can't accept that Apple is moving on not just from Intel products, but also Intel's design philosophy, and any suggestion that they plan for an alternative future is sharply denounced. (That, and half the time I bring up @Cmaier the post gets deleted for "discussing moderation".)

As far as Apple's thinking is concerned, here is another reason that they absolutely need to move the base over to Apple Silicon, for security reasons. UEFI has been Swiss cheese for years now, it was obvious it would be a security nightmare when it was announced, and the sooner Apple moves the Mac to iBoot, the better for all of us users. Of course, there are the wise guys in the comments section that point out "all computers have vulnerabilities". Everyone knows it, they can stop trotting out the straw men, give them a rest. The point is that Apple can reduce the attack surface by moving to their own solutions.
The only Windows machine I have for using native Windows on a job site has the specs of a Chromebook physically but it's running Windows 10. Much too slow. When I decommission it, I'll slap CloudReady back on it.

This next week I have a customer who needs a lot of files taken off all her older laptops at a neighbor's house, so I finally bit the bullet and bought a 256 gig Apple branded SSD. This weekend I'll port my macOS installation over to it and do a Boot Camp with Windows 10 half-and-half.

Windows needs much more empty drive space than macOS does to work smoothly, but I don't want to give the Mac side 80 gb total. I do the vast bulk of my day to day work there; I work on the PC side when I have to.
 

throAU

Yeah people really need to let go of the mentality that updates break everything all the time. There may have been some truth to that a long time ago, but it really just doesn't happen these days. I still see people two whole major iOS versions behind asking if it's safe to update to the latest. Blows my mind. And it's almost always because "I've heard there's lots of bugs" or "Apple are purposely going to slow down my phone every update" 🙄

in my experience updates only "break stuff" if you're unwilling to stay current with applications as well.

and if that's the case, and you need to carry an old app that will never be updated, do it on a machine that never hits the network.

edit: aware there are some exceptions such as when a cpu arch or framework is totally dropped that have hurt people with say quicken(?) but the fact remains. if you need to run old unpatched software you need to keep it off the internet these days.
 

Colstan

Sorry for resurrecting this thread, but Mr. Macintosh has released a video which further supports the notion that Apple only cares about the latest version of macOS, and previous versions receive only partial security updates. I set the video to skip to the relevant segment:


This is the security issue in question:

[Image: patched.jpg]


I would highlight this part: "Apple is aware of a report that this issue may have been actively exploited." Also, "an anonymous researcher" is fruit company code for "an Apple employee" as they did in patch notes in times of yore. So, there's a good chance that Apple's researchers noticed this themselves, rather than an independent researcher.

This is important because it was first fixed in macOS Monterey 12.5.1, but wasn't patched in Big Sur until 11.7, with Catalina remaining forever vulnerable. As Mr. Macintosh notes, this was over 26 days after Monterey received the fix, leaving Big Sur users at risk for nearly a month to an issue which Apple had indicated was being actively exploited, presumably before 12.5.1 was released.

While there are legitimate reasons for staying on earlier versions of macOS, security definitely isn't one of them, and this is more proof that Mac users should be using the latest version whenever possible. With Ventura coming out in October, Monterey entering maintenance mode, and Catalina now zombieOS which is no longer receiving security patches, we should all be planning to make the switch as soon as possible. In the past, it may have been prudent to stay a few versions behind, but Apple has made it clear that they want Mac users on the latest version, full stop.

At this point, I'm not even certain why they bother releasing security updates for older versions if they aren't going to provide complete coverage, because it provides a false sense of security for users that aren't paying close attention like we are, and are trusting Apple to fix all vulnerabilities regardless of version. I think it's a good thing for Macs that are no longer supported by the latest and greatest; a Swiss cheese patchwork is better than no security updates at all, but for users who can update, it gives them an excuse to hang back, when they shouldn't. (There are other reasons to update, such as major non-security fixes that get pushed into the next version of macOS, which are beyond the scope of this post, but are regularly covered by the esteemed Dr. Howard Oakley.)

We all have to make a judgement call for when to make the jump to a new version of macOS, but for me, it's clear and I will be installing Ventura on my Mac Pro within a few days after release. Just make sure to do a Time Machine backup beforehand.
 

Colstan

It looks like Apple is going to start being more transparent with their security initiatives. This is something I didn't expect, but Apple has just launched a new security blog. The first two entries are about the bug bounty program and hardening XNU.
 

Nycturne

Under Tim, Apple has placed emphasis on privacy and security as key to their brand. They do white papers and the like on their security model that are public.

This sort of thing is not only good for transparency, but is cheap PR too. So I’m more surprised this hasn’t happened sooner. Maybe having Swift interact directly with the community is rubbing off?
 

Colstan

Apple has just updated macOS Ventura to 13.0.1 (22A400), which patches two security flaws. Thus far, no updates for Big Sur or Monterey, nor do we know if they will ever receive these patches. Separately, since the initial launch, Apple's release notes for Ventura security fixes have been updated to disclose 77 vulnerabilities, up from 66 on launch day. Thus far, Monterey has received 9 patches, Big Sur comes in at 7 total, both up from the original 3 disclosed fixes, respectively, during that same time period.

When Monterey was the most current release, older versions of macOS received about 60% of the security patches compared to the latest version. Now, it's dropped to approximately 10%, since Ventura's release. Apple hasn't disclosed whether the remaining 90% of security fixes will be patched in Monterey or Big Sur.
 

theorist9

Thanks for letting us all know about the fact that Apple doesn't fully maintain security on older releases. I never would have known otherwise. For reasons I explain below, this won't motivate me to upgrade with the earliest iterations (say, prior to v. x.2), but it will motivate me to consider changing my existing SOP, which is to wait to upgrade until about v. x.5.

I do think it's unfortunate that Apple immediately abandons full security updates for the last OS as soon as the new OS is released, since updating at that time remains (IMO) problematic. Indeed, because the security software my university uses hasn't yet been certified on Ventura, I can't update now in any case. I find it ironic (Alanis Morissette agrees) that, to maintain security, one has to give up security ;). That's not specific to my school either--I've seen such notices from many institutions.

Then again, I probably wouldn't want to update now anyway. Of course, this depends on your suite of software, but I personally have found early OS versions to be a morass of bugs, both in the OS and in apps. That makes sense to me, since devs can't fully assess their software for bugs until some time after it's fully released into the wild, which typically means at least a few months after the first stable release. And some of my software hasn't even been released for Ventura yet (like Mathematica).

And this is not just my view:

[Image: 1668052902519.png]


Transitioning to a new MacOS is particularly problematic in digital audio. If you look at this tabulation of developer guidance about MacOS Ventura from https://www.pro-tools-expert.com/apple-macos-ventura-audio-compatibility-chart , you'll often see statements like this:

[Image: 1668052776566.png]


Now you could ask why the devs and IT folks didn't pre-certify their software using the Ventura betas. I'm guessing the answer is that, even if they have tested with the betas, they believe they need to wait for the stable release to do their final testing.

Once the software I need is certified on Ventura (probably early 2023), I'll give it a shot--now that MacOS has separated the system and data volumes, I believe that you can install Ventura on a separate system volume and try it out without affecting anything on your data volume, such that, if it doesn't work out, switching back to Monterey is as simple as just booting back to that OS--there's no need to downgrade.
 

Colstan

You are most welcome, @theorist9, and I agree with everything you said in this post. I have always said that the decision to update is entirely up to the individual Mac user.

I would be a total hypocrite to go and tell everyone to upgrade to the latest release, because I myself stayed on Mojave for the full extended two-year patch cycle. I did so partly because of 32-bit support, partly because I didn't care for the Big Sur interface changes, but mostly because I didn't have a "Retina" display as Apple recommends, which gave me physical headaches when using standard definition monitors. After somehow managing to snag a brand-new 21.5-inch UltraFine off of Ebay, I jumped straight to Monetary, because it fortunately coincided with the final security patches for Mojave.

As you probably surmised, my harping on the subject is for two reasons:

1. Most Mac users probably aren't aware that Apple isn't patching 100% of the known security flaws with all supported versions of macOS. I have to give massive credit to Dr. Howard Oakley and Mr. Macintosh for extensively covering this issue. I've just done my best to make sure that their findings are as well-known as possible, so that Mac users can make an informed decision about when to upgrade.

2. An attempt to dispel the antiquated notion that a version of OS X is ever "finished", or something along those lines. Long-time Mac users will sometimes pinpoint a release like Snow Leopard 10.6.8 v1.1 (Build 10K549) as the pinnacle of OS X releases, being the final build of one of the most beloved versions of OS X, because Steve Jobs marketed it as "zero new features". That wasn't the case, but most of us understand the messaging.

Today, macOS gets a series of relatively less ambitious, yearly updates, and I think should be considered a rolling release, at this point. Modern operating systems are hellions to wrangle toward a release date, as they become more complex while meeting both a technical and marketing timetable. Therefore, Apple's engineers have to prioritize their resources, and that seems to be the latest version.

As I mentioned above, that's not just with security, but stability and new features. The third major memory leak found inside of Monterey wasn't patched until the release of Ventura 13.0. Not a decimal release, but the version released to the general public.

In summation, there are numerous, perfectly valid reasons to stay with an older version of macOS. The most obvious one is when a newer version doesn't have vital software or hardware support. In that case, it's foolish to upgrade, particularly if the user is making a living off of that Mac. Where I take umbrage is with users who believe that waiting until an arbitrary point release will somehow make their Macs more stable because macOS will ostensibly be more complete. Apple is constantly working on bugs, new and old, I see no reason to wait until an arbitrary version number after a major update. Like I said, if you're still using any version of Monterey, then the third Finder memory leak is still unpatched, and based upon past history, it never will.

On top of that, Apple appears to be patching fewer and fewer security holes with the previous two versions. During the Monterey cycle, Apple was regularly patching about 60% of vulnerabilities inside Catalina and Big Sur. At least one of those unpatched vulnerabilities had been marked as being actively exploited.

With the release of Ventura, that percentage of back ported patches has dropped to an approximate 10%. Mayhap some of that is because much of the Mac engineering effort has been to get Ventura out the door, safe and secure, and perhaps Apple will continue back porting them now that the mad rush is over with. It's too soon to say whether that is the case, but it is striking and highlights the issue even more now than before. Previously, I could see the argument that 60% is "better than nothing", but 10% is, at best, security theatre. If I wasn't able to upgrade to Ventura, then I'd take the 10%, but be fully aware that I was basically running an unpatched system.

This doesn't even account for the new under-the-hood changes, like the SSV introduced in Big Sur, or the more recent substantially smaller patch sizes that are just now making themselves known inside of Ventura. Plus, keep in mind that the new USB security features inside Ventura are Apple Silicon only. My aging 2018 Mac mini need not apply.

So, it's clearly a tradeoff that every Mac user is going to have to study and weigh for their individual use case. I personally enable every security feature that my Intel Mac will allow, but I can already feel the squeeze, which is another incentive to move to Apple Silicon, sooner rather than later.
 

theorist9

Something else worth noting—and that makes earlier updating to a new OS more compelling—is that Macs used to be partially protected from malware simply by their low market share. That made them less juicy targets, and also reduced the number of hackers with Mac expertise. However, now that this is changing (particularly in the enterprise space), that protection is going away.

According to https://www.jamf.com/resources/white-papers/security-360-annual-trends-report/ ,

"Mac malware is becoming a problem. In 2021, Jamf Threat Labs announced the discovery of a new variant of Shlayer malware, which allowed an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results."

Separately, I have these two questions about the incomplete security support on previous OS's (which I should probably direct to Howard Oakley):

1) Are the threats Apple leaves unpatched merely the rarest/least dangerous ones, or those they find hard to fix with the older OS's? The latter is obviously much more concerning than the former.

2) If you are running apps with antimalware functionality (I have Malware Bytes, ClearPass OnGuard, and FireEye Endpoint Security), to what extent does that mitigate the security exposure with older OS's?
 

Nycturne


My take on these two questions:

1) It's mostly going to be based on the severity bar. But the bar will be set lower for the current OS, and higher for the older OS. So, something that's discovered and is "oh ****!" bad is more likely to get a back port to the older OS than one that isn't. This triage is going to be somewhat arbitrary though, and it's not like Apple is transparent with their CVE triage bars. So I would generally assume that exploitable bugs will remain that malware can leverage.

2) So long as malware definitions are updated by the vendor promptly enough, it's better than not having it. But it'll depend on if it can detect it prior to infection, or be able to undo the damage done by the infection. That said, recent OS updates that make the system partition read-only, and prevent loading of anything into kernel space by default (Apple Silicon) will generally do better here as it's just that much harder for malware to persist itself at a layer that anti-malware tools can't also reach.

According to https://www.jamf.com/resources/white-papers/security-360-annual-trends-report/ ,

"Mac malware is becoming a problem. In 2021, Jamf Threat Labs announced the discovery of a new variant of Shlayer malware, which allowed an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results."

This is pretty gnarly, I'll admit. Being able to bypass all the features that exist to raise red flags for the user is not great. Because it does leave anti-malware as your last line of defense to detect this type of infection, much like the old days.
 

Colstan

Despite all the chatter in our Apple bubble about macOS security, it's still rare for the Mac to be infected. According to Elastic Security Labs, only 6.2% of all malware ends up on the Mac. That compares to 54.4% on Windows, and 39.4% on Linux. Trojans account for the majority of infections across all platforms.

[Image: infectiontype.jpg]


Specifically on the Mac, nearly half of all infections are from the notorious MacKeeper.

[Image: macinfections.jpg]


MacKeeper has been a bane for years now, and apparently ignorant users are still falling victim to it. Most of us here aren't going to be duped by obvious malware like this, nor trojans in general. Even now there are still "Adobe Flash" updates for Mac, even though that's a long deceased piece of Swiss cheese. Still, we need to keep an eye on our friends and relatives who don't know better, and still think that they "need anti-virus" because of an anachronistic Windows mindset, which is an audience that MacKeeper targets, considering that about half of all new Mac purchases are made by customers that are new to the platform.

Apple continues to improve macOS security with each release, particularly with the new implementation of XProtect Remediator. Unless a user has a specific need for something more, an updated install of Ventura should be satisfactory, which is what I have been advocating in this thread. While probably not necessary, the free version of Malwarebytes for Mac can be used safely, if considered needed. I personally don't use anything other than what Apple includes with macOS, keep the OS and applications up-to-date with the latest version when released by the relevant companies, and use common sense practices.

Still, it's interesting to see how the Mac's malware installations are lower than its overall marketshare, which suggests Apple's safety measures are effective, as well as most infections being ironically the result of naive users installing protection that they don't need, thanks to years of Stockholm Syndrome from using Windows. Being bombarded with the drumbeat of needing third-party anti-virus, while not understanding the predatory nature of social engineering based upon that feeling of necessity, has had a lasting, ingrained impact.
 

Colstan

I took most of December off from tech sites and news in general, so I need to catch up. Hence, here is my annual reminder to upgrade to the latest version of macOS, if at all possible, because older versions remain vulnerable despite Apple releasing patches.

Excluding the updates to Safari, the December 13th patches include these numbers of fixes:

Ventura: 25
Monterey: 14
Big Sur: 11

If nothing else, make sure all of your Macs are patched, otherwise they are vulnerable to "Achilles", which can bypass Gatekeeper protections.
 

Roller

I finally installed 13.1 last week to get the latest security patches. I held off until then because of reported bugs in 13.0 and 13.0.1. Pretty smooth sailing, so far. I'm still trying to determine if Stage Manager is worth keeping active. For years, I've been using spaces to segregate apps/windows, though it often gets messy depending on which desktop an app is assigned to. The key will be to determine how to use both features productively, or decide to just use Stage Manager with one desktop.
 