- Joined
- Nov 9, 2021
- Posts
- 4,286
- Main Camera
- iPhone
but if it's useful then...
Definitely useful, and appreciated!
but if it's useful then...
It’s pretty easy to skip articles that you aren’t interested in. Public service announcements can’t hurt.Okay. I assumed folks wouldn't want me beating them over the head to update on an annual basis, but if it's useful then...
I will.
The thread wasn't getting many responses, so I assumed I was doing it in a vacuum. I have since been corrected and shall continue. Everybody patch and soak it in!It’s pretty easy to skip articles that you aren’t interested in. Public service announcements can’t hurt.
Thanks. The big conundrum will come when Apple releases Sonoma in the fall. My experience with major macOS updates hasn't been stellar, so I usually wait until x.2 or later. I would hope Apple will keep Ventura patched for at least a few months, especially if there are vulnerabilities in active exploit, but we'll see.You spoke, I listened. Back by popular demand, it's time for your annual reminder to update to the latest security patches! Apple has released updates for iOS, iPadOS, watchOS, fridgeOS, and macOS. With the release of Ventura 13.4.1, Apple continues to favor the latest version of macOS over the previous two releases.
The number of fixes for this update:
Ventura: 2
Monterey: 1
Big Sur: 1
Ventura is receiving 50% more patches, as is tradition!
These patches are of particular note, because Apple says that they are being actively exploited. A kernel exploit impacts all recent versions of macOS. Whether Monterey or Big Sur are impacted by the WebKit issue is uncertain, or if there may be a separate Safari update at a later point in time is unknown. If at all possible, run the latest version of macOS, to have full protection from both exploits. So, stay safe, patch your devices, and take your digital vitamins to keep infections away.
Always glad to help.Thanks. The big conundrum will come when Apple releases Sonoma in the fall. My experience with major macOS updates hasn't been stellar, so I usually wait until x.2 or later. I would hope Apple will keep Ventura patched for at least a few months, especially if there are vulnerabilities in active exploit, but we'll see.
@Colstan: Does Apple reduce the quality of security support on the older OS as soon as the new OS comes out, or does it wait a few months, in acknowledgement of the fact that new OS's have growing pains, and many folks need to wait a few months for the kinks to be worked out before they can use the new OS in a production environment? I ask because you follow this much more closely than I. [Yes, support continues for a couple more years, but I'm referring to the reduction in the quality of support on older, but still supported, OS's.]Thanks. The big conundrum will come when Apple releases Sonoma in the fall. My experience with major macOS updates hasn't been stellar, so I usually wait until x.2 or later. I would hope Apple will keep Ventura patched for at least a few months, especially if there are vulnerabilities in active exploit, but we'll see.
That's interesting--checking for suspicious/malicious behavior rather than just known malicious code. I'll look forward to seeing how well they're able to pull this off.Sonoma is going to be very important for Mac security. Probably as important as when Apple implemented System Integrity Protection (SIP) or XProtect. With macOS Sonoma, they'll be using behavioral detection for the first time, under the technology umbrella called "Bastion". Instead of just static blocklists and traditional scans with XProtect's Yara database and XProtect Remediator, Bastion will be proactive instead of reactive in preventing malware. The best security is stopping the infection in the first place, and Bastion may provide such protection, even if the malware is unknown to Apple's engineers. The esteemed Dr. Howard Oakley has an article about it.
In Apple's collective hive mind, legacy software does them no good, and their judgement shall be swift and final. Generally speaking, once a version of macOS is replaced with the fresh version, it immediately loses about 50% of the patches compared to the latest release. So, if historical patterns hold, after Sonoma goes gold, Ventura will receive about half the security fixes during the next bug fix, with Monterey receiving less. In fact, this trend has been getting consistently worse as time has gone on. For instance, Mojave got about 70% of patches after Catalina hit, and that percentage has been dropping for years now.@Colstan: Does Apple reduce the quality of security support on the older OS as soon as the new OS comes out, or does it wait a few months, in acknowledgement of the fact that new OS's have growing pains, and many folks need to wait a few months for the kinks to be worked out before they can use the new OS in a production environment?
I wonder how effective that is given that many, perhaps most, macOS users aren't aware of the differences in security support between the current and prior versions. But if the behavioral detection approach in Sonoma works, this is a feature Apple should highlight in their messaging to users when it prepares to ship. Personally, I would have liked to see a release that just focused on bug fixes, stability, and security, but it seems that isn't happening this time around.In Apple's collective hive mind, legacy software does them no good, and their judgement shall be swift and final. Generally speaking, once a version of macOS is replaced with the fresh version, it immediately loses about 50% of the patches compared to the latest release. So, if historical patterns hold, after Sonoma goes gold, Ventura will receive about half the security fixes during the next bug fix, with Monterey receiving less. In fact, this trend has been getting consistently worse as time has gone on. For instance, Mojave got about 70% of patches after Catalina hit, and that percentage has been dropping for years now.
I can't say what Apple will do in the future, just that I think they want to move Mac users to the latest release, and this is one way to do that. Keep in mind that Apple never promised two years of security support for legacy macOS versions, that's something that they do, but there is no guarantee of that moving forward.
I think Apple is most concerned with active exploits. That's why they developed Rapid Security Response. They've only used it once thus far, for a WebKit vulnerability. This most recent patch would have likely been one, except that RSR doesn't currently work with patches to the kernel. It's an evolving process. For the other patches, if an exploit isn't an active threat, then generally Apple will lump the remaining fixes in with the next point release. There have been a few exceptions where they've pushed out a patch for an exploit that wasn't an active threat, but that's rare. Not all exploits are equal.I'm curious about something - I use both Mac and Windows systems. On the latter, there are fairly frequent security updates (I forget the specific term used), not so on the Mac even with the current OS. Why is that?
Apple doesn't highlight their security features to the general public because they don't want to be associated with traditional anti-virus. XProtect Remediator is much more similar to PC malware scanners than Apple would like to admit. However, unlike Windows anti-virus, it doesn't scan all files at all times. It waits until the computer is idle, when the user isn't doing anything, then runs its scans, at various intervals, depending on what it is looking for. Otherwise, the only other time XProtect does a scan is when a program is first launched or modified.But if the behavioral detection approach in Sonoma works, this is a feature Apple should highlight in their messaging to users when it prepares to ship.
We're never going to get another Snow Leopard release. Apple is a much bigger company now and marketing needs to push new features to the general public. Compared to past releases, Sonoma has few changes. Other than the reincarnation of Dashboard through widgets on the desktop, and a few Safari tweaks, there's not much of note. I watched an exhaustive video on Sonoma, and it includes many quality of life issues, tweaks to the interface, and small changes such as a switch to turn off mouse acceleration, something gamers have wanted for years. I expect minor fixes under the hood, and perhaps big ones like Bastion, that Apple will never publicly disclose.Personally, I would have liked to see a release that just focused on bug fixes, stability, and security, but it seems that isn't happening this time around.
I looked into this, and from what I can see Monterey and Big Sur are getting the same security updates as Ventura (at least this time).You spoke, I listened. Back by popular demand, it's time for your annual reminder to update to the latest security patches! Apple has released updates for iOS, iPadOS, watchOS, fridgeOS, and macOS. With the release of Ventura 13.4.1, Apple continues to favor the latest version of macOS over the previous two releases.
The number of fixes for this update:
Ventura: 2
Monterey: 1
Big Sur: 1
Ventura is receiving 50% more patches, as is tradition!
These patches are of particular note, because Apple says that they are being actively exploited. A kernel exploit impacts all recent versions of macOS. Whether Monterey or Big Sur are impacted by the WebKit issue is uncertain, or if there may be a separate Safari update at a later point in time is unknown. If at all possible, run the latest version of macOS, to have full protection from both exploits. So, stay safe, patch your devices, and take your digital vitamins to keep infections away.
Both patches, all two of them, yes.I looked into this, and from what I can see Monterey and Big Sur are getting the same security updates as Ventura (at least this time).
As one of my good friends says: "Celebrate the small victories that the day brings".A nice little victory for those of us who like to wait until the later in the release cycle to update to a new OS!
The answer to this is quite simple. Yesterday, when Apple posted the release notes for the new patches, they didn't list the Safari update for Monterey and Big Sur until the next day. That's why I didn't include it in my original post. I did see it appear earlier today, but figured most users who are stuck on legacy macOS would discover it on their own. If it hadn't been for the delay, then I would have included it in my post about the latest patches.One of the two updates is for Safari, and the difference is that both of the Ventura updates are packaged with the OS (hence "2") while, with Monterey and Big Sur, the Safari update is packaged separately.
IMO, it's a mistake for Apple not to highlight security features, which go hand-in-hand with privacy protections, which they do publicize often. They don't have to provide the technical details - most people wouldn't understand them anyway - but they should say something about security, which is on everyone's mind these days.Apple doesn't highlight their security features to the general public because they don't want to be associated with traditional anti-virus. XProtect Remediator is much more similar to PC malware scanners than Apple would like to admit. However, unlike Windows anti-virus, it doesn't scan all files at all times. It waits until the computer is idle, when the user isn't doing anything, then runs its scans, at various intervals, depending on what it is looking for. Otherwise, the only other time XProtect does a scan is when a program is first launched or modified.
We're never going to get another Snow Leopard release. Apple is a much bigger company now and marketing needs to push new features to the general public. Compared to past releases, Sonoma has few changes. Other than the reincarnation of Dashboard through widgets on the desktop, and a few Safari tweaks, there's not much of note. I watched an exhaustive video on Sonoma, and it includes many quality of life issues, tweaks to the interface, and small changes such as a switch to turn off mouse acceleration, something gamers have wanted for years. I expect minor fixes under the hood, and perhaps big ones like Bastion, that Apple will never publicly disclose.
Hear ye, hear ye! To whom it may concern, hot off the presses, we have a new Apple security patch! This time, it's a single fix, for a WebKit vulnerability that Apple's security team classifies as being actively exploited. It's a Rapid Security Response (RSR), which has been released for iOS and iPadOS 16.5.1 and Ventura 13.4.1. Concerning macOS, Monterey and Big Sur do not support RSR, hence assuming they are impacted by this vulnerability, will therefore require a separate patch, typically in the form of a Safari update. Exactly when or if Apple plans to release a fix for older macOS versions isn't currently known.
The new RSR will update iOS and iPadOS to version 16.5.1 (a) and macOS Ventura to 13.4.1 (a), with the "(a)" denoting the application of the patch. This RSR weighed in at a whopping 6.8MB for my Intel Mac mini. One of the primary benefits of RSR is the ability to significantly reduce download sizes.
If you are running an Apple operating system that supports RSR, then I would suggest downloading this patch, as "Apple is aware of a report that this issue may have been actively exploited", and therefore considered a priority update.
I did some digging, and it appears to be a common complaint over at MacRumors concerning the latest security patch. I don't use Facebook, so I can't comment personally, but one user claims to have a fix by changing the user agent, rather than forgoing the patch, which is kinda important.One thing I noticed is when launching Facebook I get this notice, which then launches m.facebook.com. I believe that's the mobile version of Facebook. It shows up as a very narrow version that doesn't get resized as I make the Safari window larger.
Protip:
Enable "Show Develop menu in menu bar" from Safari Settings under Advanced tab, then from the Develop menu change the user agent to Chrome macOS and it will work again.
Also note that if you don't want to change your user agent to Firefox or Chrome, you can select "Other" at the very bottom and just remove the offending "(a)" from the actual agent identifier.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.