Message-ID:

6 May, 2024: The networking issue during the past two days has been identified and appears to be fixed. Will keep monitoring.

computers / comp.sys.mac.system / Apple clarifies security update policy: Only the latest OSes are fully patched

Apple clarifies security update policy: Only the latest OSes are fully patched

<tjfd1n$c1tf$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=15020&group=comp.sys.mac.system#15020

copy link Newsgroups: comp.sys.mac.system

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: comp.sys.mac.system
Subject: Apple clarifies security update policy: Only the latest OSes are fully patched
Date: Fri, 28 Oct 2022 01:59:21 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tjfd1n$c1tf$1@paganini.bofh.team>
Injection-Date: Fri, 28 Oct 2022 01:59:21 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="395183"; posting-host="Dj+cCDj8UalGBjrWyMkOzw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
Cancel-Lock: sha256:4GdUhDqH/4tOfB8rLZdUMU+XhSwy4G5dt0OipdaWHNU=
X-Notice: Filtered by postfilter v. 0.9.3

by: NewsKrawler - Fri, 28 Oct 2022 01:59 UTC

https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
Apple clarifies security update policy:
Only the latest OSes are fully patched

New document confirms what security researchers have observed for a few
years.

This confirms something that independent security researchers have been
aware of for a while but that Apple hasn't publicly articulated before.

Earlier this week, Apple released a document clarifying its terminology and
policies around software upgrades and updates. Most of the information in
the document isn't new, but the company did provide one clarification about
its update policy that it hadn't made explicit before: Despite providing
security updates for multiple versions of macOS and iOS at any given time,
Apple says that only devices running the most recent major operating system
versions should expect to be fully protected.

In other words, while Apple will provide security-related updates for older
versions of its operating systems, only the most recent upgrades will
receive updates for every security problem Apple knows about.

We've asked Apple to be more upfront about its security communication, and
this is a step forward in that regard.

Re: Apple clarifies security update policy: Only the latest OSes are fully patched

<tjl9nn$1feh9$1@paganini.bofh.team>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=15043&group=comp.sys.mac.system#15043

copy link Newsgroups: comp.sys.mac.system

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: comp.sys.mac.system
Subject: Re: Apple clarifies security update policy: Only the latest OSes are fully patched
Date: Sun, 30 Oct 2022 07:39:36 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tjl9nn$1feh9$1@paganini.bofh.team>
References: <tjfd1n$c1tf$1@paganini.bofh.team>
Injection-Date: Sun, 30 Oct 2022 07:39:36 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1554985"; posting-host="Dj+cCDj8UalGBjrWyMkOzw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
Cancel-Lock: sha256:2pjmXv9Xh3v8GKjCKIB0cSH/Po6f6iUOJq1mtGvmgrw=
X-Notice: Filtered by postfilter v. 0.9.3

by: NewsKrawler - Sun, 30 Oct 2022 07:39 UTC

On 2022-10-28, NewsKrawler <newskrawl@krawl.org> wrote:

> https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
> Only the latest OSes are fully patched

https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases
Apple Admits It Only Fully Patches Security Flaws In Its Latest OS Releases

Apple loves to tout that they are a leader in security for personal
computing devices.

The company even claimed that "Macs don't have that problem," when
referring to viruses in the Mac vs. PC ads of 2006 through 2009 starring
Justin Long and John Hodgman.

This obviously is not true, and Apple got in legal hot water for the claim.

According to a document published by Apple and found by our colleagues over
at Arstechnica, security researchers' fears have rang true. Old versions of
operating systems of Apple devices do not get complete security patches.

The emphasis in the document is that there is a difference between Upgrade
and Update, at least in the Apple lexicon.

To Apple, an Upgrade would be a single major version number. For example,
going from iOS 15 to iOS 16, or macOS 12 to macOS 13 are upgrades, while
anything with a decimal after it is an update.

If consumers want the latest security they are going to have to buy the
devices that support the latest operating systems.

That actually shortens actual long-term security life-cycle for some Apple
devices, because if the device does not support that latest upgrade, it
might not get that latest update.

Subject	Author
Apple clarifies security update policy: Only the latest OSes are fully patched	NewsKrawler
Re: Apple clarifies security update policy: Only the latest OSes are fully patch	NewsKrawler