Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Concerned about OS X fragmentation and security? Don't be

Dan Moren | Jan. 14, 2014
Think platform fragmentation is something only Android users need to worry about? Over at the Sophos blog, Chester Wisniewski thinks Mac users should worry, too. Why? Because with the increasing pace of OS X updates, those who don't or can't update to the latest version of Mac OS may be left vulnerable to security exploits. Wisniewski claims that, "Apple appears to have stopped releasing security updates for OS X 10.6.8, 10.7.5 and 10.8.5."

Think platform fragmentation is something only Android users need to worry about? Over at the Sophos blog, Chester Wisniewski thinks Mac users should worry, too. Why? Because with the increasing pace of OS X updates, those who don't or can't update to the latest version of Mac OS may be left vulnerable to security exploits. Wisniewski claims that, "Apple appears to have stopped releasing security updates for OS X 10.6.8, 10.7.5 and 10.8.5."

Before you fly into a panic and yank the power cords out of all your old Macs, let's take a look at Wisniewski's assertions.

First of all, his examples comes largely from the enterprise market. According to his figures, 82 percent of enterprise Mac users are at risk because they haven't updated to OS X Mavericks. But in the enterprise sector, adoption rates are generally slower anyway. The plurality of enterprise users are still using OS X Mountain Lion, with smaller (but not insignificant) chunks on Lion and Snow Leopard.

As if that sample weren't limited enough, it's also worth noting that his numbers are based on those enterprise users who have installed Sophos Anti-Virus for Mac Home Edition. That software might be attractive to some companies because it's free. But Sophos also sells a wide-range of products aimed specifically at the enterprise. So while those enterprise users of the Sophos home product might account for a decent number of computers, it's unclear whether it's truly representative of the enterprise market as a whole.

And what about Wisniewski's claim that Apple has stopped releasing security updates for earlier versions of OS X? The most recent update was 2013-004 on September 12 of last year; it was issued in Snow Leopard and Lion versions. Mountain Lion users got 10.8.5, which received additional security patches in October. Mavericks was released in late October, with a 10.9.1 update arriving in December. Apple also patched both versions 6 and 7 of Safari in December, which brought fixes to Lion and Mountain Lion (though not Snow Leopard).

The fact is that Apple regularly goes months between releases of security updates. And while patching vulnerabilities on older versions of the OS is important, it may take a back seat to fixing the current version of the OS. Either way, it seems too soon to declare that Apple has given up all support for previous versions of OS X.

Finally, Wisniewski also contends that Apple has left older users out in the cold:

It is a nice gesture that OS X 10.9 Mavericks is a free upgrade, but not everyone can upgrade. OS X 10.8 Mountain Lion has only been available for 15 months and is apparently already orphaned.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.