Forgot your password?
typodupeerror
OS X Security

Many Mac OS Users Not Getting Security Updates 380

Posted by Soulskill
from the security-updates-aren't-sexy dept.
AmiMoJo writes "According to security company Sophos, around 55% of home users and 18% of enterprise users have updated to Mavericks, the latest version of Mac OS (10.9). Unfortunately Apple appears to have stopped providing security updates for older versions. Indeed, they list Mavericks itself as a security update. This means that the majority of users are no longer getting critical security patches. Sophos recommends taking similar precautions to those recommended for people who cannot upgrade from Windows XP."
This discussion has been archived. No new comments can be posted.

Many Mac OS Users Not Getting Security Updates

Comments Filter:
  • Re:Does it matter? (Score:4, Informative)

    by Anonymous Coward on Friday January 10, 2014 @10:44AM (#45916209)

    Security updates aren't just for viruses.

    That being said, I use a mac and I cannot upgrade to 10.9 because my machine isn't supported. It still does everything I need it to do, it's not slow. I don't think Apple doesn't support it because the hardware IS too old (Intel processor and all), I just think it's because Apple THINKS the hardware is too old. I can tell you that this is the last mac I buy. I dislike Microsoft and Windows with a passion, but at least they don't arbitrarily decide that your PC is too old to run their latest operating system. It may not run it fast, but generally it will run it.

    Linux only from now on.

  • Just no (Score:5, Informative)

    by Sockatume (732728) on Friday January 10, 2014 @10:47AM (#45916227)

    Far be it for me to say that a security company was using dodgy numbers to hype its product, but their MacOS adoption numbers are soley from Sophos-for-MacOS users, which I'd have to imagine is a really spectacularly unrepresentative sample. And their assertions that Mavericks was the only way to get security updates for MacOS going forwards seems to be contradicted by the fact that the previous version of MacOS was security patched when Mavericks was launched.

  • Yes, they are. (Score:5, Informative)

    by tirerim (1108567) on Friday January 10, 2014 @10:52AM (#45916303)
    I'm not sure where the author gets the idea that Apple has stopped releasing security updates for older systems. The page linked from the summary lists updates for software for OS X 10.7 and up as recently as 16 December, a Java update for versions 10.6 and up on 15 October, and the most recent actual security update, also for versions 10.6 and up, on 12 September. Apple releases security updates when necessary, not every Tuesday like Microsoft. The fact that they've released an OS update, which includes security patches, for the most recent version of the OS without releasing one for older versions most likely means that the vulnerabilities addressed were not present in older versions; this has been the Apple release strategy for at least a decade.
  • by MrMickS (568778) on Friday January 10, 2014 @10:57AM (#45916359) Homepage Journal

    Looking at the Apple update release page there hasn't been a Security Update since Mavericks was released so there is no evidence to support the assertion from Sophos.

    The last Security Update from Apple was 2013-004 and included updates for Snow Leopard, Lion, and Mountain Lion. Until Apple releases a security update that *only* targets Mavericks this is just Sophos FUD.

  • Re:Yes, they are. (Score:5, Informative)

    by Sockatume (732728) on Friday January 10, 2014 @10:59AM (#45916387)

    Their support for that assertion is a link to one of their own articles:

    1) From three months ago
    2) Before 10.9 launched
    3) Right after a major OSX 10.8 software update had been released
    4) Which has had its thesis contradicted by the series of subsequent updates you list

    I don't think Sophos are in the "critical thinking" business.

  • by Anonymous Coward on Friday January 10, 2014 @10:59AM (#45916393)

    ...and still, Microsoft is evil and Apple is cool...

  • Well no wonder! (Score:2, Informative)

    by Anonymous Coward on Friday January 10, 2014 @11:00AM (#45916399)

    Mac OS was deprecated 12 years ago when OS X stepped in.

  • Re:Does it matter? (Score:5, Informative)

    by Alan Shutko (5101) on Friday January 10, 2014 @11:22AM (#45916609) Homepage

    OS X is UNIX 03 certified [opengroup.org] by The Open Group and carries the UNIX brand.

  • Re:Just no (Score:4, Informative)

    by AmiMoJo (196126) * <.ten.3dlrow. .ta. .ojom.> on Friday January 10, 2014 @11:22AM (#45916615) Homepage

    If you check the linked page you can see that since Mavericks was released, listed as a security update, all other OS level updates and many of the app updates have required it. They claim not to support older versions.

  • Re:Yes, they are. (Score:5, Informative)

    by AmiMoJo (196126) * <.ten.3dlrow. .ta. .ojom.> on Friday January 10, 2014 @11:31AM (#45916745) Homepage

    Here is the list from Apple's own web site, linked to in the summary:

    19 Dec 2013 Motion 5.1 (OS X Mavericks v10.9 or later)
    16 Dec 2013 OS X Mavericks v10.9.1
    16 Dec 2013 Safari 6.1.1 and Safari 7.0.1 (OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9)
    22 Oct 2013 Apple Remote Desktop 3.7 (Apple Remote Desktop 3.0 or later)
    22 Oct 2013 Apple Remote Desktop 3.5.4 (Apple Remote Desktop 3.0 or later)
    22 Oct 2013 OS X Server 3.0 (OS X Mavericks v10.9 or later)
    22 Oct 2013 Keynote 6.0 (OS X Mavericks v10.9 or later)
    22 Oct 2013 OS X Mavericks v10.9 (Mac OS X v10.6.8 and later)

    (Windows and iOS updates omitted)

    So after the 22nf of October 2013 when Mavericks was released they don't seem to be back-porting all their patches for either the OS or all apps. Note that the 16th December patch to Mavericks appears to fix bugs that exist in older versions of Mac OS, which did not receive an update. There are all security patches specifically, not just feature updates.

  • by UnknowingFool (672806) on Friday January 10, 2014 @11:43AM (#45916911)
    Apple isn't discontinuing security updates to Mountain Lion. Even in the link provided, Apple updated Safari just last month and updates to versions as old as Snow Leopard in October. Unlike MS, Apple doesn't have a regular patch Tuesday.
  • by nonsequitor (893813) on Friday January 10, 2014 @11:46AM (#45916947)

    When was the last time iOS 4 recieved a security update? Additionally, if you actually had an iPhone 3G you would know that upgrading to iOS 4 basically rendered it useless even though it was technically possible.

  • Was the Amiga a PC? (Score:3, Informative)

    by tepples (727027) <tepples@nOSpAM.gmail.com> on Friday January 10, 2014 @12:24PM (#45917501) Homepage Journal
    The Mac was a PC exactly to the extent that an ST or Amiga was a PC. Until the Intel transition, the architecture of the Mac wasn't anywhere near that of the IBM-compatible (now Lenovo-compatible) PC. Nor was the architecture of Mac OS or OS X anything like that of MS-DOS or Windows.
  • by UnknowingFool (672806) on Friday January 10, 2014 @01:14PM (#45918129)

    I think the main difference is that Apple does things in small steps rather than large steps so transitions are easier. For example between OS X Cheetah (10.1) and Leopard (10.5) there was so much change that many programs that worked in Cheetah may not work in Leopard but each versions was only a small change from the previous. MS did the same thing in the same time from XP -> Vista but the changes were so abrupt that it broke so many things. Leopard brought in the new Intel CPUs. Snow Leopard contained a great deal of changes to the core systems including the transition to 64-bit. The pattern from Apple has been major architectural changes then refinements for a few versions then major architectural change.

  • Re:FPS Russia (Score:4, Informative)

    by UnknowingFool (672806) on Friday January 10, 2014 @04:24PM (#45920369)

    So pay a premium for the hardware then spend loads more getting a non-OEM install of windows and potentially a license for your VM solution.

    Yes, because getting an OEM versions of Windows for the PC I built myself is rather easy and cheap. Also the cost of Windows is $0 for all OEM systems right? I didn't pay anything for it at all.

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...