Apple Admits It Only Fully Patches Security Flaws In Its Latest OS Releases
We here at HotHardware regularly advise our readers to ensure that their systems and software are up to date. Updates may include cool new features, but most updates are security-driven, patching holes, fixing glitches, and preventing exploits. However, for Apple, apparently not all systems are created equal, for not all devices will get complete patches for certain updates.
Apple loves to tout that they are a leader in security for personal computing devices. The company even claimed that "Macs don't have that problem," when referring to viruses in the Mac vs. PC ads of 2006 through 2009 starring Justin Long and John Hodgman. This obviously is not true, and Apple got in legal hot water for the claim.
According to a document published by Apple and found by our colleagues over at Arstechnica, security researchers' fears have rang true. Old versions of operating systems of Apple devices do not get complete security patches. The emphasis in the document is that there is a difference between Upgrade and Update, at least in the Apple lexicon.
iPhone showing live translations from iOS 16
To Apple, an Upgrade would be a single major version number. For example, going from iOS 15 to iOS 16, or macOS 12 to macOS 13 are upgrades, while anything with a decimal after it is an update. This is interesting, and follows suit with a lot of other software number versioning. This also clarifies something involving updates.
Not all updates line up with each other, if they even happen at all. iOS 16 is the latest version of iOS, but prior to this was iOS 15.4. Let's say that iOS 16 gets an update to iOS 16.1 and it's mostly security updates to iOS itself that likely are applicable to iOS 15 versions. In this example, iOS 15.4 might not get an update to 15.5 until much later, if at all. The same rules apparently apply to iPadOS, and macOS.
iPad with iPadOS 16
Now, most Macs still have a six to seven year update cycle, and iPhones get five years of updates. These are actually some of the longest timelines for this type of service in the industry. However, if users are not getting the most recent patches and updates for security, this turns into a bit of a catch 22—if consumers do want the latest security they are going to have to buy the devices that support the latest operating systems. So that actually shortens actual long-term security life-cycle for some devices, as if the device does not support that latest upgrade, it might not get that latest update.