1. Forum
  2. Usenet
  3. COMP.SYS.MAC.SYSTEM

  • Apple clarifies security update policy: Only the latest OSes are fully

    From NewsKrawler@21:1/5 to All on Fri Oct 28 01:59:21 2022
    https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
    Apple clarifies security update policy:
    Only the latest OSes are fully patched

    New document confirms what security researchers have observed for a few
    years.

    This confirms something that independent security researchers have been
    aware of for a while but that Apple hasn't publicly articulated before.

    Earlier this week, Apple released a document clarifying its terminology and policies around software upgrades and updates. Most of the information in
    the document isn't new, but the company did provide one clarification about
    its update policy that it hadn't made explicit before: Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected.

    In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will
    receive updates for every security problem Apple knows about.

    We've asked Apple to be more upfront about its security communication, and
    this is a step forward in that regard.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From NewsKrawler@21:1/5 to NewsKrawler on Sun Oct 30 07:39:36 2022
    On 2022-10-28, NewsKrawler <newskrawl@krawl.org> wrote:

    https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
    Only the latest OSes are fully patched

    https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases
    Apple Admits It Only Fully Patches Security Flaws In Its Latest OS Releases

    Apple loves to tout that they are a leader in security for personal
    computing devices.

    The company even claimed that "Macs don't have that problem," when
    referring to viruses in the Mac vs. PC ads of 2006 through 2009 starring
    Justin Long and John Hodgman.

    This obviously is not true, and Apple got in legal hot water for the claim.

    According to a document published by Apple and found by our colleagues over
    at Arstechnica, security researchers' fears have rang true. Old versions of operating systems of Apple devices do not get complete security patches.

    The emphasis in the document is that there is a difference between Upgrade
    and Update, at least in the Apple lexicon.

    To Apple, an Upgrade would be a single major version number. For example,
    going from iOS 15 to iOS 16, or macOS 12 to macOS 13 are upgrades, while anything with a decimal after it is an update.

    If consumers want the latest security they are going to have to buy the
    devices that support the latest operating systems.

    That actually shortens actual long-term security life-cycle for some Apple devices, because if the device does not support that latest upgrade, it
    might not get that latest update.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)