PSA: Why it's best to stay current with macOS.

Colstan

This is my annual reminder to keep your Macs updated. Apple has released a new round of patches, including macOS 13.2 Ventura. I just installed it and haven't experienced any issues. As I said in the title, it's best to have the latest version of macOS installed, because it gets 100% patched, which Apple has officially backed me up on. According to the security notes, excluding the two WebKit patches to Safari, the number of security fixes for each updated version of macOS are as follows:

Ventura: 20
Monterey: 13
Big Sur: 6

Obviously, it's up to each individual user to decide when to update to a newer version, but if you are concerned about security, then Ventura is what you should likely be running, if possible.
 

Clix Pix

I usually wait a day or so before installing new system/security updates, etc.....just to be sure that there aren't any unexpected "gotchas" that I should know about. Also I like to wait to do this during a time when the Apple servers aren't going to be slammed by a mad rush of everyone and his cousin all now off work and trying to do the updates, and since I have the luxury of being retired and not having a significant portion of my day filled with work obligations, I usually try to do updates during a time frame where the servers will be less busy and I can get the process done more quickly and smoothly. Just to be clear, though, I definitely am not someone who dawdles around for days or weeks or longer when there is a security update announced -- those are indeed very important and should be attended to sooner rather than later. It baffles me why some people continue to run older machines with older versions of the OS and casually skip updates....well, that's their problem, not mine.
 

Colstan

> I usually wait a day or so before installing new system/security updates

This isn't an unwise strategy. I think that's true particularly for older versions of macOS, which likely aren't tested as thoroughly as the latest release. I kept my 2018 Mac mini on Mojave for longer than I probably should have, and Apple botched one of the final security updates which it received. I had to reinstall from Time Machine. It was a minor pain, but there's always the chance of something serious happening. I haven't experienced anything that dramatic with Ventura, so I think it's a solid release. Even so, caution is always warranted, just as are good backups.
 

ronntaylor

Planning to update in a few minutes. Just finished updating my Apple Watch, iPad Air and iPhone.
 

exoticspice1

Thanks for the update gonna update my Dad's iPhone and my MacBook.
 

Colstan

I mentioned above how Apple had to pull the 2020-005 security update for Mojave because of major bugs that came along with it. CPU utilization would spike, the fan would sound like a jet engine, and programs would be sluggish or randomly crash. Ostensibly, this was a minor security update that should have had proper testing beforehand, but Apple pulled it almost immediately, because it was clearly not ready for a full release.

A similar problem happened where Safari would kernel panic using a 2018 Mac mini running Mojave (not Catalina) and the only fix was to update to the Big Sur firmware (which was in beta, at the time). It wasn't officially patched until months later, when that firmware version shipped with Big Sur and trickled down to Mojave in a security update. This happened to everyone with a 2018 Mac mini who was running Mojave after applying security update 2020-002. Because I needed to continue to use Mojave, at that time, I switched to Firefox, until I ended up installing the Big Sur beta firmware so that I could use Safari again.

Last year, Apple finally backed up what myself and others have been saying: only the most current version of macOS receives 100% of the latest security patches. What Apple doesn't tell you, and never will, is that the oldest versions also receive the least amount of testing, assuming there's much testing done at all. Those two massive problems with Mojave didn't happen in the most recent shipping version of macOS, at that time.

Now, it's Big Sur's turn to receive inadequate testing. While not nearly as bad as what happened with those Mojave updates, Big Sur 11.7.3, the latest security patch, prevents the icons in Safari's Favorites section from appearing properly.

[Attached image: Big-Sur-Safari-Favorite-Icons-Bug.jpg]


This is yet another reason that I think it is best to run the latest version of macOS, whenever possible. The old school way of thinking is that once a version of macOS hits maintenance mode, it's essentially "done", and only requires an occasional minor security patch. Those "minor" patches often touch major parts of the operating system, and I don't think Apple tests them nearly as well as the most current release.

The vague, roughly two years of additional security patches often seem like an afterthought. Apple won't officially commit to fully patching these old versions 100% and don't appear to test them as rigorously. I suppose it's better than nothing for Mac users who are still stuck using an older macOS release, for whatever reason, but the tradeoffs should be clear.

So, it's not just the lack of 100% security coverage that is an issue, but it also appears that Apple doesn't test those older versions as well as the most current release of macOS, either. I never imagined that I would have to install beta firmware to properly use Apple's own web browser, but that's exactly what 2018 Mac mini owners needed to do a few years ago.
 

exoticspice1

Just install Linux on those old machines. Simple for tech people like us. Brings new life into obsolete machines and as far as I know the 2018 mini supports Linux. So when support dies for 2018 mini then instead of trashing it, it would be best to install Linux.
 

Colstan

I'm sure most of us have seen that Apple has released a relatively small security update for most of their devices, which includes the 13.2.1 update for macOS Ventura, along with Safari 16.3.1 for Monterey and Big Sur.

The 13.2.1 update for Ventura features three fixes, including a kernel exploit, a privacy issue with Shortcuts, and a WebKit vulnerability. It is notable that the WebKit issue is the only one of the three that has been fixed in Monterey and Big Sur, included in the standalone Safari update. (Big Sur doesn't have Shortcuts, so that is not an issue with that version.) The kernel exploit remains unaddressed with the previous versions.

It is important to update any supported version of macOS as soon as possible, because Apple's release notes state that they are aware of it being actively exploited.

[Attached image: exploit.jpg]


Hence, this is clearly a critical security update.
 

Roller

For some odd reason, it took several tries to get the Ventura update to install on my Mac Studio. The first few times, when I clicked restart, I was asked for my password, and the Mac rebooted without anything being installed. I've never seen that happen before, but over the years I've found that no two macOS updates proceed identically. There's always something different, whether it's the feedback during the installation or how many times the screen goes dark, leaving me to wonder if anything's happening.
 

Colstan

On occasion, I've posted about Apple's latest updates to macOS and what exploits they fix. However, I haven't mentioned much on the practical side about actual malware, other than a few surveys taken and the most common threats. In that regard, the esteemed Dr. Howard Oakley has released a series of articles after Apple's recent update to XProtect Remediator. The first article covers the KeySteal, HonkBox and BadGacha malware that are detected in that update. The second article covers how troubleshooting has changed with macOS security measures. The third article covers the efficacy of Ventura's signature checks.

Regarding code signing and Gatekeeper, Ventura has changed compared to previous versions, as stated in Dr. Oakley's second article:

All third-party software is installed on the Data volume, making it susceptible to accidental or deliberate change, just as it has been in the past. What has changed is that all Universal executable code is required to be signed, and signing and integrity are now checked whenever an app is opened, rather just when it’s first run.

From a practical standpoint, this has a significant impact on the effectiveness of the malware which he covers in the third article:

Because the malicious software is embedded within an app that’s already signed, that signature fails when macOS checks it properly. Prior to Ventura, unless the quarantine flag is set on the app, a full signature check by Gatekeeper may well not take place, allowing the malware to install itself. Ventura changes that, as full Gatekeeper signature checks are now run even when there’s no quarantine flag set, so macOS 13 should block this successfully.

The takeaway is that not only do the prior versions of macOS not receive all of the latest patches, but the security features in Ventura are not present in earlier releases. While updates to XProtect and XProtect Remediator, along with the partial patches for prior versions, do provide some measure of safety, the best way to stay safe is to be on the latest version of macOS available.

I realize that not every user has the luxury to update as soon as possible, some software takes time to become compatible with updates to macOS, but that's on the third-party developers for that failure. End users are left in the position of potentially trading security for compatibility. Apple is currently testing Rapid Security Response in the latest macOS beta, which will become even more important for timely updates in the future.

As I have often said in this thread, unless you absolutely cannot update to the latest release of macOS, then it is best to upgrade as soon as possible. Historically, there have been some users who waited for a few updates after a major release of macOS before updating, because they believed it would be more stable, but this is an antiquated notion. Unless you can't update, either because of software compatibility or old hardware aging out, then the safest action is to update macOS whenever Apple pushes out an update, whether that be a major upgrade or a small patch. For further information, I recommend perusing Dr. Oakley's articles on the subject.
 

Colstan

It's that time of the quarter again, the Spring update for macOS, which includes many security fixes. The number of patches for each supported version are:

Ventura: 49
Monterey: 24
Big Sur: 23

Apple is now fixing only about half of the vulnerabilities in previous versions compared to the latest release of macOS. So, if possible, it's best to update to Ventura. I just installed 13.3, and all seems well, personally.

Apple also released a firmware update, version 16.4, for the Apple Studio Display, which also includes a single security patch. Earlier this month, Apple released updates for GarageBand. I mention it because this is also a good time to make sure that all of your applications, both from Apple and third-party developers, are updated, as well.

Finally, there's new Mac malware, which sends passwords via Telegram.

As part of the theft, the software takes credentials and cookies from Firefox, Google Chrome, and Brave browsers, and also extracts the Keychain database. It also attempts to secure a variety of file types, including MP3s, text files, PDFs, PowerPoint files, photographs, and databases.

While pulling Keychain may seem like a big danger to users, the attack involves taking the Keychain wholesale, without accessing the data within it. The database does get taken and transmitted to the attacker by Telegram, but it's still encrypted.

The usual practices apply to avoid infection, with the added caveat of also not being a pothead who smokes too much cannabis. (Seriously.)

It is unclear exactly how the malware moves between Macs, but initial infections have been caused by an app called "weed.dmg." As you would expect, it looks like an executable with a leaf as an icon.

Most of us here are well aware of how to stay safe and the tradeoffs involved in using the latest versions, but not all of our friends, colleagues, and family are. So, make sure that both you and those in your tech sphere of influence update, as well.
 

Roller

Thanks for posting. Worth noting that Apple also released 15.7.4 for iOS/iPadOS devices today.
 

Colstan

> Thanks for posting. Worth noting that Apple also released 15.7.4 for iOS/iPadOS devices today.

And thank you for pointing that out. I've stuck to covering just macOS in this thread because Apple's security update methodology is different with the Mac when compared to the iDevices, even though they are released at the same time, and share many of the same exploits.
 

theorist9

I tried Ventura in a separate volume, and really didn't like its rendering. Monterey looks great on my 2019 iMac, and pretty good on my two side monitors, especially after I calibrated all of them with my X-Rite i1 Display Pro colorimeter. [Calibration helps not just with photos and videos; it also makes the monitor much nicer to work with for text.] With Ventura I got eye strain. Granted, one should re-calibrate for each new OS, but Ventura was so far off, and Monterey works so well for me, that I've decided to just wait for the next OS after Ventura to see if things are better. I did read online that Ventura has a color bug, so perhaps that's what's causing the issue. I'm probably more sensitive than most to things needing to be just right in order to avoid eye strain.

Interestingly, I read a warning that one should not try a new OS in a separate volume, because doing so can cause issues with your existing volume (there's not supposed to be cross-over, but that may not be the case)—what's recommended is to instead set up a separate partition. Unfortunately, I've found that, with use, my existing data spreads out over the SSD such that eventually it can no longer be partitioned (I have 1.1 TB of data on a 2 TB SSD, but it said there wasn't enough room to make a partition). Thus I had to make a volume for Ventura instead. And, sure enough, a day after I deleted the Ventura volume, some of my Finder sidebar elements went away. I tried to fix by rebooting, but got an error message with a question mark that told me to try doing first aid on everything. That didn't fix the problem, so ultimately I had to wipe the whole drive and start over. This time I set up a spare partition to start. That way when I want to try the next OS, I'll be able to put it into a separate partition.
 

Colstan

I'm a few days late on this, but it's time for your friendly reminder to update macOS. This time, there are only two exploits, but both are considered critical, because Apple claims that they are "aware of a report that this issue may have been actively exploited". The two patches are for flaws in IOSurfaceAccelerator and WebKit, both of which are patched in the latest supported versions of macOS and the iDevices.

It is notable that the update for macOS Ventura, 13.3.1, was released three days prior to the updates for Monterey and Big Sur, with the WebKit vulnerability being patched for the older versions in a separate Safari update.

Considering that Apple is now only patching roughly half of the vulnerabilities in Monterey and Big Sur relative to Ventura, and this latest three-day delay for older versions, I think is more indication that Apple is pushing for Mac users to install the most current version of macOS. It does make me wonder if, after the Intel transition is complete, Apple will move macOS updates closer to the iOS model of shepherding Mac users to almost exclusively using the latest version of macOS if they want the latest security patches. That hasn't historically been the case, but Apple has never officially promised two years of support for older versions, either.
 

Colstan

Y'all may have noticed that Apple just issued the first Rapid Security Response for iOS and macOS.


RSR only applies to macOS Ventura, so users still on Monterey or Big Sur will have to wait for fixes, assuming they receive them. Earlier versions are now only getting about 50% of the patches compared to the latest release.
 

Colstan

This is probably the last time I'm going to do this, everyone here knows the score, and you don't need me to cajole you into updating. Unless something major occurs, I thank you all for listening, and hope that you stay safe in your computing endeavors. That being said, for your pre-WWDC pleasure, Apple has released the latest round of updates for all major platforms, including macOS Ventura 13.4 and Safari 16.5. The bug fixes are small, being a late-stage point release, but the security patches are numerous.

Compared to the previous versions, Ventura continues to receive nearly twice the number of fixes. Excluding the five patches for Safari, the number of vulnerabilities patched are as follows:

Ventura: 43
Monterey: 27
Big Sur: 24

As has been the case for some time, and backed up by Apple's own statements, only the latest version of macOS receives full security support.

Thanks again, stay updated, and as they say in Chicago: patch early, patch often!
 

Cmaier

> This is probably the last time I'm going to do this, everyone here knows the score, and you don't need me to cajole you into updating. Unless something major occurs, I thank you all for listening, and hope that you stay safe in your computing endeavors. That being said, for your pre-WWDC pleasure, Apple has released the latest round of updates for all major platforms, including macOS Ventura 13.4 and Safari 16.5. The bug fixes are small, being a late-stage point release, but the security patches are numerous.
>
> Compared to the previous versions, Ventura continues to receive nearly twice the number of fixes. Excluding the five patches for Safari, the number of vulnerabilities patched are as follows:
>
> Ventura: 48
> Monterey: 27
> Big Sur: 24
>
> As has been the case for some time, and backed up by Apple's own statements, only the latest version of macOS receives full security support.
>
> Thanks again, stay updated, and as they say in Chicago: patch early, patch often!

No. Keep doing it.
 