
Apple policy document admits withholding security fixes for devices not on the latest supported OSes

AlTech
8 hours ago, Salv8 (sam) said:

bro even microsoft updates older windows versions because it keeps the userbase safe.
they fuckin updated xp in 2014, AFTER THEY DISCONTINUED SUPPORT.

i don't like microsoft but i can commend their actions when it comes to important security patches.

Even Apple has patched previous versions of macOS.

 

Also, when it comes to Microsoft, they did it because they had to. Many businesses still used XP and paid Microsoft to specifically update it. When some major vulnerability came in that required you to turn off internet on XP machines, Microsoft rolled it out to everyone because they surely did not want people to get hacked/taken down and move to some alternative like Linux.

 

So, it was not out of the goodness of their heart or anything as you make it to be. But tbc, it's a valid reason for a business to do so.

8 hours ago, Salv8 (sam) said:

this is just plain horrible, the people who can't afford the latest and greatest apple devices get fucked because an apple exec decided they aren't worth it?

not cool.

What are you even talking about. iOS 16 is supported from devices from 5 years ago.


2 hours ago, FakeKGB said:

Well, let's look at iOS 12. 


For those curious, Peace is the iOS 12 codename and Yukon is the iOS 13 codename.

Do you know what Apple did? They fixed bugs in both iOS 12 and 13.

I went out of my way to make it clear in the original post that Apple provides security updates but that those updates don't always include fixes for all the issues Apple knows about because Apple sometimes chooses not to patch some issues on older supported versions.

 

Just because Apple continues to release iOS 12 updates doesn't mean Apple is withholding fixes for some issues in updates they do push out to older supported OSes.

2 hours ago, FakeKGB said:

And then fixes from 14 too. And even fixes from 15. iOS 15.7 patched the same things as iOS 16.0, iOS 15.7.1 (not yet released, we have an RC) is likely to patch the same things as 16.1.

 

They still patch Big Sur and Monterey. macOS 11.7.1 and 12.6.1 were released a few days ago.

And yet Apple's documentation says macOS 12 won't always get fixes for issues affecting both macOS 12 and macOS 13 because Apple chooses not to due to "architecture changes".

2 hours ago, FakeKGB said:

Also, another thing you have to remember. Exploitation of modern-day iOS and macOS is really flippin' hard.

It's actually fairly easy if you know what issues Apple refuses to patch on iOS 12 or iOS versions that aren't the latest.

2 hours ago, FakeKGB said:

Want to pwn iOS 16? Good luck. You have to get:
1. kernel exploit that can NOT be a use-after-free type bug (iOS 16 broke using these entirely).
2. PAC or PPL bypass
3. amfi taskport
4. LaunchConstraints patch
5. sandbox escape
6. KTRR bypass
7. optional, but recommended: KPP patch

If you want to make it deployable from Safari, you'll have to find a useful WebKit exploit too. WebKit vulns are plenty, useful ones are not.

 

macOS is somewhat easier as it's not as locked down, but in its default state it's not easy to get malware on a Mac. Gatekeeper is very good at its job of preventing malicious software from being run, and the drive to create malware for macOS isn't there as it's A. much more difficult B. smaller userbase.

There's still plenty of malware for macOS.

25 minutes ago, RedRound2 said:

Another example of pathetic iHateApple fanboy club threads going on around in this forum.

I'm not part of any fanboy club hating Apple. If any other company did this I would be just as unhappy with them. This isn't cool no matter who does it.

25 minutes ago, RedRound2 said:

One, all devices that are eligible for major upgrades automatically get security patches with the upgrades.

But those security patches don't always patch all the known issues that Apple has patched in other versions.

25 minutes ago, RedRound2 said:

Which might I remind of all of you typically stretches from anywhere between 4-7 years. For the last two versions of iOS I believe, Apple hasn't made it mandatory to people to immediately update to latest iOS until .1 or .2 release. So security patches also roll out for previous versions

See above.

25 minutes ago, RedRound2 said:

If say some devices are not eligible for the upgrade, Apple has always rolled out major security updates for those previous versions like iOS 12. People have cited examples here.

Not always. iOS 12 is an exception but not the rule. The only other examples were iOS 9 and iOS 10.

25 minutes ago, RedRound2 said:

Again, a nothing burger article that just says that Apple can't always patch every single thing in every Apple device since Apple was founded.

That's a gross mischaracterisation and I think you know it. The article is saying Apple doesn't fix all the issues they know about on older macOS and iOS versions that are supported because Apple isn't bothered.

25 minutes ago, RedRound2 said:

It has to be written for legal purposes, but of course the fandom takes it and runs with it like there's no tomorrow.

 

Also, the alternative that nobody seems to dare utter here.  People are jumping straight to windows even though Android is more comparable here. You think all the billions of android phones, mostly lying in the mid to low tier phones are getting updates regularly? Heck, hasn't google said they will only support 3 years of security patches? The irony and double standard are quite mind-blowing here.

 

Android security patches for different android versions don't secretly have fixes withheld from them and only given to the latest Android version if an issue affects multiple versions.

 

IOS and macOS do and it's disturbing.

Judge a product on its own merits AND the company that made it.


10 hours ago, Salv8 (sam) said:

the people who can't afford the latest and greatest apple devices get fucked because an apple exec decided they aren't worth it?

This has been apple since like day one... while they've typically maintained software ""support"" (which as per this turns out to be conditional anyway) for longer than others the hardware itself has always suffered heavily from poor or no upgradability and essentially planned obsolescence when you could technically upgrade to the newest OS but would get terrible performance in return. Not to mention the slew of engineering defects that would cause various models to die systematically and prematurely with prohibitively expensive official repairs.

1 hour ago, RedRound2 said:

Also, the alternative that nobody seems to dare utter here.  People are jumping straight to windows even though Android is more comparable here. You think all the billions of android phones, mostly lying in the mid to low tier phones are getting updates regularly? Heck, hasn't google said they will only support 3 years of security patches? The irony and double standard are quite mind-blowing here.

The difference being that Google has at least been upfront about it. And if you are still getting patches and updates you can safely assume security updates are also in there for problems that are known and fixed on other versions. The problem with Apple here is the lack of transparency; if they had said upfront that older versions are just not fully supported and you should upgrade as soon as possible if you care at all about security updates then it would have been fine or at least understandable.

2 hours ago, RedRound2 said:

Another example of pathetic iHateApple fanboy club threads going on around in this forum.

Yeah, and yet another example of you showing up to throw around the usual WELL WHAT ABOUT GOOGLE when it's pretty irrelevant to the discussion. Are you not capable of discussing a critique of Apple without jumping on the defensive and attacking their competition? It can simultaneously be true that Apple did something wrong here and that Google also does things that are wrong or bad. We're not talking about Google though.

4 hours ago, FakeKGB said:

Also, another thing you have to remember. Exploitation of modern-day iOS and macOS is really flippin' hard.

Want to pwn iOS 16? Good luck. You have to get:
1. kernel exploit that can NOT be a use-after-free type bug (iOS 16 broke using these entirely).
2. PAC or PPL bypass
3. amfi taskport
4. LaunchConstraints patch
5. sandbox escape
6. KTRR bypass
7. optional, but recommended: KPP patch

If you want to make it deployable from Safari, you'll have to find a useful WebKit exploit too. WebKit vulns are plenty, useful ones are not.

The thing with exploits is that if they are known they usually get fixed. If there were obvious attack vectors they'd already have been addressed; it's the non-obvious that gets you.

 

Also this piece of news is specifically about vulnerabilities that are known but Apple chooses not to fix on versions of iOS that are still officially supported.

6 hours ago, Roswell said:

Except OS X Lion supports Macs from 2008. You’re sitting there with a straight face whining about how Apple no longer supports 2008 Core 2 Duo machines. Lol.

I have core 2 machines running modern software. But that's not even the issue really, it's fine if they don't want to support Lion - they just need to say it clearly. Not call it "supported" and then not actually release security fixes for it.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


13 hours ago, AluminiumTech said:

 

 Not gonna lie I think this should be illegal. If an OS version is a supported OS and the developers know it has security issues they should be legally obligated to fix them or to drop support for that OS entirely.

 

 

Nah. Short of government regulation requiring vendors of computer hardware to support the hardware and software for 10 years, nothing will change. Keep in mind your average desktop or laptop is only made to last 3 years, at most. Apple's hardware always lasts about 7. Including the iphone and ipad. I can still use my 2012 ipad. I don't because it literally takes so long to get out of sleep mode because what I presume is it attempting to contact Apple and getting timed out before it responds. "This iPad has not been backed up in ____ weeks" , try years.

 

Just because a device still works, doesn't necessarily mean it's still useful. I recently took a look at the screen, keep in mind this device has been indoors for the last 5 years, and I've noticed there is humidity underneath the screen, and the home button is barely responsive, so for all intents this device is no longer useful unless it's left on the same app, which is what I had been doing, leaving it on the 2FA screen for something.

 

It's not generally worth developing and pushing updates to hardware that no longer "calls home" to get it, which is how Apple can determine if it's worth developing those updates. Once a device no longer supports the active radio mode (eg 3G, LTE, 802.11B/G/N) it's likely no longer going to be on the internet to receive the update. How many of you bought ethernet adapters for your phones? I doubt very many. What about keeping around an insecure 802.11 router in WEP mode so you can connect your older devices? I doubt it.

 

If it still works, fine, but expecting "security updates" to a piece of hardware that is neither targeted or even on the internet any more tends to be a bit pointless. For example, let's say you put an old Windows 3.1 or 95 computer back on the internet. There is no current internet software that works on either of these. You'd have to use vintage software, and that vintage software hasn't received updates in decades, and won't work with any website that has ads on it.   Yet are unlikely to be worth developing an exploit for either.

 

Understand the mind of the people who develop RAT (Remote Access/Attack Tools), they target the most common thing out there which will be basically 3 year old hardware that manufacturers are no longer pushing updates to. Developing exploits for bleeding edge hardware and software may be more successful, but it won't be the most common target. Targeting anything older than 5 years may also be not terribly successful as it will largely be Linux machines, usually in data centers, and Linux machines are usually extremely vulnerable for the exact reason Linux is used in the first place. Virtual machine deployment and docker containers, running old software because "it works".

 

Are you going to find Apple servers? No. Are you going to find Mac Desktops? No. The most common, and valuable Apple device to target will be iPhone in the United States. However the most vulnerable phone will be Android devices because people hold onto them without being updated, because the manufacturer and carrier don't push updates. Never mind "Android powered" televisions and other devices built upon Android, but don't have the lifecycle of a phone.

 


2 hours ago, Kisai said:

If it still works, fine, but expecting "security updates" to a piece of hardware that is neither targeted or even on the internet any more tends to be a bit pointless. For example, let's say you put an old Windows 3.1 or 95 computer back on the internet. There is no current internet software that works on either of these. You'd have to use vintage software, and that vintage software hasn't received updates in decades, and won't work with any website that has ads on it.   Yet are unlikely to be worth developing an exploit for either.

I don't follow the logic though - Apple is updating this software occasionally but it's not bundling in security updates. If they don't expect it to ever receive the update, why update it at all? If they do expect it to get the update, why not include the security fixes and most of all why not be clear about what level of support you're getting from the start?


12 hours ago, AluminiumTech said:

And iOS 15 users aren't necessarily getting all the security fixes that iOS 16 gets because of Apple's policy.

 

So people with the 6S (or 6S Plus), SE 1st gen, and 7 (or 7 Plus) are screwed when it comes to security.

That's factually wrong. Since iOS 15 dropped support for some models, for the foreseeable future iOS 12, 15, and 16 will receive security fixes.

All users of the devices you listed will be covered.

12 hours ago, Blademaster91 said:

So if someone is using an older device and can't upgrade to the latest mac or iphone they won't get the same patches as the latest OS version, that just seems so typical of apple, instead of clearly stating what the updates contain they f*&k their consumers over by not fully patching the previous OS versions.

And with macs it seems like they want to kill off the intel macs, considering they dropped OS support with the 2016 macbooks.

That is as well factually wrong for the same reasons. Every device will receive security patches for the respectively last supported OS.

"Dropped OS support" only means new macOS generations won't be available for said devices, the old generations will still receive security updates.

 

Also, it looks like you forgot to reply to me (twice) in the other thread where you claimed phones are built to break and be replaced after 2 years.


2 hours ago, Sauron said:

I don't follow the logic though - Apple is updating this software occasionally but it's not bundling in security updates. If they don't expect it to ever receive the update, why update it at all? If they do expect it to get the update, why not include the security fixes and most of all why not be clear about what level of support you're getting from the start?

For example, OpenSSL, requires greater CPU power. Older devices might have older OpenSSL versions, but Apple wants you to use a different API

https://discussions.apple.com/thread/7923536

 

Quote

There is no OpenSSL version for the Mac. Years ago, Apple shipped a patched-up version of OpenSSL 0.9.8, getting all the way up to version "zh" according to your post. But for several years now, that has just been a compatibility library so that old, abandoned code from the 90s would still compile on a Mac. All developers should be using Apple's new security libraries instead. Any developer who wants to use OpenSSL should include the current version in their app.

 

Generally, you see stuff like this when it comes to "why doesn't X update to Y" , no matter if it's Apple or some other vendor like Redhat, the desire to retain backwards compatibility tends to be prioritized. So if updating OpenSSL to 1.1.1 breaks everything expecting 0.9.8 (and a LOT of old software expects 0.9.8, on Linux and BSD as well, and you can't just drop-in replace it.) then you're just not going to do it. If you want newer OpenSSL, don't depend on the OS library and ship your own.

 

That's just an example (and a known one) of where a critical OS library, at least on other platforms is not deemed "critical" on MacOS

 

Because Apple has migrated from M68K to PPC to Intel x86 to Intel x86-64 to ARM, that means that supporting all the architectures is impossible when a library expects instructions to be available, and aren't. If you're running a 10 year old piece of hardware that doesn't have the AES instructions, then the device is going to suffer a lot more when it has to deal with today's "TLS1.3" sites, never mind TLS1.2.

 

Google, and subsequently Firefox's push to not support unencrypted HTTP connections and treat them as dangerous means that any website that did the "recommended" changes, cuts off a lot of old devices.


Take note that if a server is running the recommended "TLS 1.3+1.2 with no fallback to TLS 1.1 or SSL3" that makes iOS9/OS X 10.11 the oldest supported OS that can still use the internet. When more servers switch over to TLS 1.3 and start removing 1.2 support, means iOS 12/MacOS 10.14 ends up being the minimum that can still functionally use the internet.

 

Not all "updates" are reasonable to push out, if you know it will break everything. Like on OS's other than Apple's, if you update the OS OpenSSL, you have to recompile pretty much every program on the server. And if you screw up, anywhere, you end up locked out of the OS because basic services won't run upon reboot. I assume this is the justification for why some updates don't happen for older devices, because you'd have to push a multi-hundred MB update to update everything, rather than a few MB's to update something that doesn't require the entire OS to be recompiled.

 

On desktops, it's a bit easier to push obnoxiously large updates, because you can expect the storage on the device to be sufficient, but if you see your device has to download a 1GB update every few days, you get rightfully annoyed. That's why some updates are pushed off if they aren't critical.

 

And the thing we often overlook is how much "validation" nonsense comes from carriers. People running "carrier devices" might not receive updates to their devices because the carrier doesn't prioritize validating devices they aren't currently selling.


8 hours ago, RedRound2 said:

Even Apple has patched previous versions of macOS.

 

Also, when it comes to Microsoft, they did it because they had to. Many businesses still used XP and paid Microsoft to specifically update it. When some major vulnerability came in that required you to turn off internet on XP machines, Microsoft rolled it out to everyone because they surely did not want people to get hacked/taken down and move to some alternative like Linux.

There is a distinct difference here though.  (Although the XP example isn't exactly great as it really was an exception to the update rule anyways).

 

The difference between what MS is doing and Apple is doing is quite different.  MS offers a LTS, where they issue security updates when they find them.  Even though they charge for it they make it very clear when the support ends and if you haven't purchased into the LTS you don't get updates at all.  Eternal Blue though only was patched for older systems because key infrastructure still ran on it (despite warnings not to), so they really didn't have much choice but to patch it...which is why I do think people using it as an example isn't good.

 

Where Apple runs afoul here is that they know of a security flaw, but still issue updates to the supported OS's but fail to fix the security flaw.  This is a very key difference and makes it terrible.  A known security issue that is being fixed in one OS should be fixed in an older supported one (if updates are still being applied to the older one).  Or it needs to be made very clear that it's only partially supported for features and not security updates.  Apple does neither, which poses a security risk (as you can analyze an update for a newer OS and work out the exploit and exploit the old still supported OS)

 

Apple could easily have fixed it if they wanted to by doing one of the following.  Discontinuing the older OS (making it clear that it's not getting more updates), or clearly label that they aren't doing security updates.  Instead it's the classical Apple approach of masking intentions behind closed doors (probably for saying they could

3735928559 - Beware of the dead beef


So you have to install the latest version of iOS and MacOS to be fully patched.

The latest version your device supports will be the one with all the security fixes.

 

Seems fair to me. Of course it would be better if users who liked iOS 15 more than iOS 16 could still get all the security updates while staying on iOS 15, but I don't think people expect that. 

 

I feel like some people are misunderstanding what is happening, or trying to make this sound like a bigger issue than it is. 


22 minutes ago, Kisai said:

Not all "updates" are reasonable to push out, if you know it will break everything. Like on OS's other than Apple's, if you update the OS OpenSSL, you have to recompile pretty much every program on the server. And if you screw up, anywhere, you end up locked out of the OS because basic services won't run upon reboot. I assume this is the justification for why some updates don't happen for older devices, because you'd have to push a multi-hundred MB update to update everything, rather than a few MB's to update something that doesn't require the entire OS to be recompiled.

 

This is all very interesting but it doesn't explain why security updates that are released for the latest OS are not released for the immediately preceding version, despite that version still being officially supported and receiving regular updates. I doubt updating the OpenSSL version could be an issue in catalina but somehow not in big sur (just as an example); either that library needs to be kept as is for compatibility or it doesn't. If we were talking about a gap of decades spanning 3 different architectures I could understand why some libraries can't be updated across the board, but we're talking months and identical hardware. Apple doesn't even do server hardware so breakages in 20 year old software are probably a pretty minor concern, especially since they already broke all of those by hopping architectures twice.

 

Also again I don't really take issue with the concept of outdated releases not getting updates if you can just upgrade to the newest release, what I do take issue with is not being transparent about it and telling your customers that their os is fully officially supported when it's not.


17 hours ago, Salv8 (sam) said:

bro even microsoft updates older windows versions because it keeps the userbase safe.
they fuckin updated xp in 2014, AFTER THEY DISCONTINUED SUPPORT.

Microsoft is special, they have 2 extra support. You have the basic EOL support which seems to run between 7 and 10 years then you have an extended support that is 5 years up to 10 years after that. And finally you have custom contract for long period support which happen usually with banks, military and government services.


20 hours ago, AluminiumTech said:

This means that the only way to truly be safe against security issues on Apple Hardware is to stay on the latest OS version.

Just like with literally every single f*cking device on this planet. WOW who would've thought! Don't tell OP Internet Explorer is no longer supported.


1 hour ago, LAwLz said:

So you have to install the latest version of iOS and MacOS to be fully patched.

The latest version your device supports will be the one with all the security fixes.

 

Seems fair to me. Of course it would be better if users who liked iOS 15 more than iOS 16 could still get all the security updates while staying on iOS 15, but I don't think people expect that. 

 

I feel like some people are misunderstanding what is happening, or trying to make this sound like a bigger issue than it is. 

When the iOS is still supported and receiving updates yes people very much expect to be getting security updates along with that.  If Apple didn't want to fix some security issues on the older iOS then set the EOL for the thing and stop releasing updates to it.

 

The whole issue is that they aren't setting an EOL for the OS, and providing updates (which they vaguely mention security updates), but then at the same time they neglect to fix security updates that exist in both versions (but is fixed on the more modern one)


5 hours ago, Sauron said:

I don't follow the logic though - Apple is updating this software occasionally but it's not bundling in security updates. If they don't expect it to ever receive the update, why update it at all? If they do expect it to get the update, why not include the security fixes and most of all why not be clear about what level of support you're getting from the start?

Perhaps because some things can be updated retrospectively with relative ease, but not all. Imagine being a software developer that has to go fix same shit on past 10+ years of software releases. They'll end up jumping out of the window.


22 minutes ago, Just that Mario said:

Perhaps because some things can be updated retrospectively with relative ease, but not all. Imagine being a software developer that has to go fix same shit on past 10+ years of software releases. They'll end up jumping out of the window.

I doubt it's just one guy in charge of this... and it might be a valid argument for not supporting old releases at all but that's not what's happening here. Here they're being dishonest about their level of support, or at least they were. If you say it's officially supported and give no indication the support is tiered in any way then people rightly assume that that support covers all security updates too.


5 hours ago, LAwLz said:

So you have to install the latest version of iOS and MacOS to be fully patched.

The latest version your device supports will be the one with all the security fixes.

 

Seems fair to me. Of course it would be better if users who liked iOS 15 more than iOS 16 could still get all the security updates while staying on iOS 15, but I don't think people expect that. 

 

I feel like some people are misunderstanding what is happening, or trying to make this sound like a bigger issue than it is. 

Would you still be saying the same thing if Microsoft stopped updating and patching Windows 10 on all PCs that could upgrade to Windows 11?

 

Haven't people been complaining each time there's a new Windows OS about how Microsoft forces them to try and upgrade with notifications and pop ups?


26 minutes ago, Arika S said:

Would you still be saying the same thing if Microsoft stopped updating and patching Windows 10 on all PCs that could upgrade to Windows 11?

 

Haven't people been complaining each time there's a new Windows OS about how Microsoft forces them to try and upgrade with notifications and pop ups?

Tell me if I'm wrong that it is WAAAY less of a hassle for an average Apple user to update/upgrade macOS, than for any average Windows user to do the same.

 

Windows realm still has people avoiding Windows 10... can't say the same about macOS users.


4 hours ago, wanderingfool2 said:

When the iOS is still supported and receiving updates yes people very much expect to be getting security updates along with that.  If Apple didn't want to fix some security issues on the older iOS then set the EOL for the thing and stop releasing updates to it.

 

The whole issue is that they aren't setting an EOL for the OS, and providing updates (which they vaguely mention security updates), but then at the same time they neglect to fix security updates that exist in both versions (but is fixed on the more modern one)

But, isn't what they are doing essentially setting the OS as EOL?

The news is that older versions of iOS aren't getting security updates, except when it is the last supported version for some particular phone.

 

If you are on iOS 15 and search for updates, you will not be offered version 15.1 if version 16 is out. You will download version 16, and that includes all the security updates.

 

 

I feel like a lot of people reading this thread think that Apple are withholding security updates, making it impossible for users to get them. They aren't. What the news says is that if you want the latest security updates you also have to update the OS to the latest version. I feel like this is a nothing burger.

 

The entire news topic exists because they aren't releasing updates to the older versions. That is what some people are complaining about, that they don't get the option to install version 15.1 (as an example) and are instead forced to update to 16 if they want some patches that theoretically could be included in a non-existing 15.1 update.

 

 

 

59 minutes ago, Arika S said:

Would you still be saying the same thing if Microsoft stopped updating and patching Windows 10 on all PCs that could upgrade to Windows 11?

 

Haven't people been complaining each time there's a new Windows OS about how Microsoft forces them to try and upgrade with notifications and pop ups?

I think that would be a valid comparison except:

1) The updates from Windows 10 to Windows 11 are not as well received as the updates from for example iOS 15 to iOS 16. Telling users "sorry, but you have to run the latest OS to get the latest patches" is not as big of a deal if people actually want to upgrade to the latest OS. The same can not be said for Windows.

 

2) Microsoft has to develop the patches for the older versions of Windows anyway because there will always be a ton of people who can't upgrade to version X or Y or Z. So they have to put in the time and effort to backport security fixes to older versions regardless. On an OS like iOS, there is no need for Apple to develop a special patch for version 15 because pretty much everyone on iOS 15 can, want and will upgrade to version 16 where the security issue is fixed.

 

3) The security in Windows is a way bigger issue than on iOS. Fixing security issues is always important, but it is a scale. Windows is about the most attacked and vulnerable OS we got. It is very important that it is up to date. On iOS however, the exploits are much rarer and those that exist are often very hard to pull off. There is simply not as big of a need to patch issues on iOS as there is on Windows.

 

4) We have a very strong historical precedent for patches to be released on older versions of Windows, and we don't have the same history with iOS. Like it or not, having something taken away from you feels worse than if you never got it to begin with. 

 

 

I think those 4 points are very important and why I am okay with this iOS policy, but not if a similar policy was applied to Windows. 

 

Also, Microsoft have definitely taken big steps towards implementing this in Windows too. The way versioning works on Windows is very different from iOS so we can't really compare them one to one, but Microsoft has taken away a lot of control from users about which updates get installed and when since Windows 10. You used to be able to pick and choose which updates you wanted to install. These days it's all or nothing. A security patch gets released for some Windows component like Explorer? Sorry, but if you want that update then you also have to download these 20 other updates that you may or may not want.

The only differences are fairly arbitrary lines between what Microsoft calls a security update, a full upgrade, and what Apple calls a security update and a full upgrade. They are even more arbitrary now that Microsoft are making fairly major changes (like tabs in Explorer) outside of the regular feature updates.

At this moment in time, there might be people that are unable to install a security update in Windows 11 without also installing an update that makes changes to Explorer such as introducing tabs. I think that situation is very similar to what Apple are doing. It's just that Microsoft has chosen to not call the tabbed Explorer update an upgrade or feature update or change the major version number.


4 hours ago, LAwLz said:

But, isn't what they are doing essentially setting the OS as EOL?

The news is that older versions of iOS aren't getting security updates, except when it is the last supported version for some particular phone.

No, that's not it. The news is that macOS and iOS don't get all the security fixes within the patch for them compared to newer versions.

 

Hypothetical example:

 

Apple releases macOS 13.1 which fixes a WebKit vulnerability, some memory security issues, and a kernel panic issue.

 

Apple also releases macOS 11.8 and macOS 12.7 which fix the same WebKit vulnerability and the same kernel panic but not the memory security issues.

 

Under Apple's policy the above scenario can and does happen (notable examples include macOS 10.14 and 10.15 having fixes within updates withheld where those updates were also released for macOS 11) but with different specifics and facts.

4 hours ago, LAwLz said:

If you are on iOS 15 and search for updates, you will not be offered version 15.1 if version 16 is out. You will download version 16, and that includes all the security updates.

 

 

I feel like a lot of people reading this thread think that Apple are withholding security updates, making it impossible for users to get them. They aren't.

They're withholding the contents of some security updates by refusing to patch known issues on older supported versions of macOS and iOS.

4 hours ago, LAwLz said:

What the news says is that if you want the latest security updates you also have to update the OS to the latest version. I feel like this is a nothing burger.

 

The entire news topic exists because they aren't releasing updates to the older versions. That is what some people are complaining about, that they don't get the option to install version 15.1 (as an example) and are instead forced to update to 16 if they want some patches that theoretically could be included in a non-existing 15.1 update.

 

 

 

I think that would be a valid comparison except:

1) The updates from Windows 10 to Windows 11 are not as well received as the updates from for example iOS 15 to iOS 16. Telling users "sorry, but you have to run the latest OS to get the latest patches" is not as big of a deal if people actually want to upgrade to the latest OS. The same can not be said for Windows.

 

2) Microsoft has to develop the patches for the older versions of Windows anyway because there will always be a ton of people who can't upgrade to version X or Y or Z. So they have to put in the time and effort to backport security fixes to older versions regardless. On an OS like iOS, there is no need for Apple to develop a special patch for version 15 because pretty much everyone on iOS 15 can, want and will upgrade to version 16 where the security issue is fixed.

 

3) The security in Windows is a way bigger issue than on iOS. Fixing security issues is always important, but it is a scale. Windows is about the most attacked and vulnerable OS we got. It is very important that it is up to date. On iOS however, the exploits are much rarer and those that exist are often very hard to pull off. There is simply not as big of a need to patch issues on iOS as there is on Windows.

 

4) We have a very strong historical precedent for patches to be released on older versions of Windows, and we don't have the same history with iOS. Like it or not, having something taken away from you feels worse than if you never got it to begin with. 

 

 

I think those 4 points are very important and why I am okay with this iOS policy, but not if a similar policy was applied to Windows. 

 


30 minutes ago, LAwLz said:

If you are on iOS 15 and search for updates, you will not be offered version 15.1 if version 16 is out. You will download version 16, and that includes all the security updates.

You are given a choice (at least within whatever period):

[image]

 

33 minutes ago, LAwLz said:

I feel like a lot of people reading this thread think that Apple are withholding security updates, making it impossible for users to get them. They aren't. What the news says is that if you want the latest security updates you also have to update the OS to the latest version. I feel like this is a nothing burger.

Or...

- not familiar with mostly hassle free update/upgrade (Windows)

- think that device support is dropped every upgrade

- think that there are good reasons to stay on previous iOS (breaking change, slowdown/obsolescence)


2 hours ago, AluminiumTech said:

Under Apple's policy the above scenario can and does happen (notable examples include macOS 10.14 and 10.15 having fixes within updates withheld where those updates were also released for macOS 11) but with different specifics and facts.

Which fixes are those? Since macOS 11 (Big Sur) dropped support for some devices that were supported under 10.14 and 10.15.


12 hours ago, Arika S said:

Would you still be saying the same thing if Microsoft stopped updating and patching Windows 10 on all PCs that could upgrade to Windows 11?

 

Haven't people been complaining each time there's a new Windows OS about how Microsoft forces them to try and upgrade with notifications and pop ups?

Windows generational leaps and OSX are not really comparable in this regard. For OSX such updates are regular one click updates. To jump from one generation of Windows to another, you're going to have a lot more trouble.

And who really cares when a decade old OS gets updates or not. Users of those versions should be grateful they receive any kind of updates.


Just now, Just that Mario said:

Windows generational leaps and OSX are not really comparable in this regard. For OSX such updates are regular one click updates. To jump from one generation of Windows to another, you're going to have a lot more trouble.

Comparing upgrades/updates between mac and windows is not the issue nor was it the question, the question was if MS withheld security updates for windows 10 (simply because windows 11 was available) would you still consider this an acceptable practice?   Especially when the consumer is told windows 10 is supported that it would be expected that security is a priority inclusion in said support.

 

Just because something is easy to do doesn't mean everyone does it and it also doesn't mean withholding security updates on a system the consumer is led to believe is fully supported is acceptable.

8 minutes ago, mr moose said:

Comparing upgrades/updates between mac and windows is not the issue nor was it the question, the question was if MS withheld security updates for windows 10 (simply because windows 11 was available) would you still consider this an acceptable practice?   Especially when the consumer is told windows 10 is supported that it would be expected that security is a priority inclusion in said support.

 

Just because something is easy to do doesn't mean everyone does it and it also doesn't mean withholding security updates on a system the consumer is led to believe is fully supported is acceptable.

How the update(s) are applied is very relevant. There have been updates for Windows in the past that required you to download previous updates. If you can't be arsed to do that, then that's on you. You cannot realistically expect infinite support for everything. Software pretty much always goes forward in versions. Exclusive long term backwards compatibility and X version support is not a realistic expectation.

This entire topic seems to be nothing but sh*ttalking and making a non-issue into an issue, because "ApPlE bAd" and because "what if...". Reality is that what if you want to use a specific old version of OS and refuse to update, but still want the latest specific update for your specific OS version you simply update your damn OS or f*ck off and go touch some grass? May be a hard concept for some, but the world doesn't revolve around you nor your specific needs and wants.


18 minutes ago, Just that Mario said:

How the update(s) are applied is very relevant. There have been updates for Windows in the past that required you to download previous updates. If you can't be arsed to do that, then that's on you. You cannot realistically expect infinite support for everything. Software pretty much always goes forward in versions. Exclusive long term backwards compatibility and X version support is not a realistic expectation.

 

How they are applied is moot.  Either the practice of leaving out security patches is ok or it isn't. 

 

It's a yes/no question, is it ok for MS to withhold some security updates for win10?

 

If so, why? And if not, then why does Apple get a free pass?

 

18 minutes ago, Just that Mario said:


This entire topic seems to be nothing but sh*ttalking and making a non-issue into an issue, because "ApPlE bAd" and because "what if...". Reality is that what if you want to use a specific old version of OS and refuse to update, but still want the latest specific update for your specific OS version you simply update your damn OS or f*ck off and go touch some grass? May be a hard concept for some, but the world doesn't revolve around you nor your specific needs and wants.

Nope, that's just a way to avoid discussing the topic.  The issue is not so much what the consumer wants but what the consumer understands with regard to the service they are getting.   The only way you could argue this to be a non-issue was if you were to prove that when consumers are told their current OS is supported, that they somehow innately know without being told that said support doesn't include some security updates.   That is quite an assumption to make given it flies counter to logic and marketing material.

 

And no amount of calling people shit talkers is going to make your argument more rational.
