Why it matters: As news of a cyberattack in Hong Kong emerged today, its effectiveness exposed an inconsistency in how Apple pushes security updates for its various operating systems. It’s not unexpected that the most recent OS versions get security patches first, but the immediately preceding versions, still in wide use, can face months-long delays for those same patches.
This week, Google researchers released a report detailing what they referred to as a watering hole hacking campaign coming from Hong Kong, found in August. Hackers, whom Google believes were state-backed, implanted malware in the websites of a Hong Kong pro-democracy group, which would install backdoors on visitors’ devices.
The researchers found the macOS vulnerability the hackers targeted and reported it to Apple, but they could not fully profile it on iOS. Apple patched it on September 23 on macOS Catalina. Security researcher Josh Long pointed out that Apple patched this same vulnerability in macOS Big Sur on February 1, over 200 days earlier. Big Sur is the version of macOS immediately following Catalina. Apple followed up Big Sur with Monterey, the current version, last month.
Mentioned in @eryeh’s writeup (https://t.co/ybglJnVwmi), this wasn’t covered for Catalina up until Sept 23. NOT pointed out: This was 234 days after #Apple covered the exact same vuln for Big Sur. @Apple, arbitrarily selecting which vulns you spot for 2 previous #macOS threatens consumers. https://t.co/rSA1hqewRa
— Josh Long (the JoshMeister) (@theJoshMeister) November 11, 2021
In late October, Long also published some charts on Twitter showing the dates on which Apple released its security patches for each of the most recent versions of macOS, iPadOS, and iOS. They show Apple patching iOS 15, iPadOS 15, and macOS Monterey first, while earlier versions get patched later. Around that time, Long also wrote a piece on The Mac Security Blog criticizing this staggered approach Apple appears to be taking to security patches.
Prioritizing the most recent version of an operating system for updates is understandable, but not everyone upgrades to the latest OS as soon as it’s released. Many users may be on older hardware that isn’t compatible with the latest OS. Ideally, they should also get critical security updates as soon as possible; however, there may be differences in how vulnerabilities affect each OS version. There may be cases in which a vulnerability requires a different fix in one OS version than in the immediately preceding or succeeding one.