Apple has confirmed for the first time that the manufacturer does not fix all vulnerabilities in previous macOS versions. The same obviously applies to iOS.
Mac users only get all security patches if they are using the very latest version of the operating system. Apple made that clear for the first time. Due to “dependencies in terms of architecture and system changes” in the current version of macOS, “not all known security gaps in earlier versions are addressed,” the manufacturer says in a supplement to a support document about software Updates for Apple devices. The just released macOS 13 Ventura is mentioned as an example of the current version, an earlier version is the predecessor macOS 12 Monterey.
Criticism of open vulnerabilities
Apple thus confirms the reports of security researchers who have been pointing out this incomplete patch strategy for a long time and who have repeatedly criticized it. The manufacturer makes users so vulnerable, it was said last year: A gap that was silently patched in macOS 11 Big Sur was not patched in the previous version macOS 10.15 Catalina for a period of seven months – and during this period it was apparently also actively exploited for attacks.
There is no concrete and repeatedly requested update promise from Apple. Over the last decade, macOS has gotten used to the fact that the two macOS versions preceding the current version continue to receive security updates. Apple usually releases a major upgrade for macOS every fall and removes support for one of the older versions several weeks beforehand.
For example, macOS 13 Ventura was released on October 24, but macOS 10.15 Catalina, which was released in autumn 2019, apparently received its last security update in July 2022. In August, Apple added an important patch for the WebKit substructure of the Safari browser, this gap was also probably exploited for attacks. Parallel to macOS 13, the manufacturer also released security updates for the two previous versions, which, however, only contain a conspicuously small part of the security fixes mentioned for Ventura.
Only the latest iOS fully patched
For older iPhones and iPads, Apple also releases individual security updates for particularly serious security gaps, but here too only the latest iOS or iPadOS version receives all patches. Apple usually brings its operating systems to relatively old hardware, but this year the requirements have increased significantly: For example, iOS 16 no longer runs on the iPhone 7 and macOS Ventura is not available for the MacBook Pro 2016.