Apple Retires Support Leaving 20% Of Macs Vulnerable

The New Acunetix V12 Engine


There’s been a lot of news and scrambling lately related to the Apple SSL vulnerability, and this week Apple announced it would no longer be supporting OS X 10.6 AKA Snow Leopard.

It looks like Lion and Mountain Lion will be supported for a while, and an upgrade to Mavericks is free, so there’s no real reason not to.

The free upgrade path seems to be working fairly well for them, with 42% of all versions of OS X used in January being attributed to Mavericks.

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

As Apple issued an update for Mavericks, or OS X 10.9, as well as for its two predecessors, Mountain Lion (10.8) and Lion (10.7), Apple had nothing for Snow Leopard or its owners yesterday.

Snow Leopard was also ignored in December, when Apple patched Safari 6 and 7 for newer editions of OS X, but did not update Safari 5.1.10, the most-current Apple browser for the OS.

Apple delivered the final security update for Snow Leopard in September 2013.

Traditionally, Apple has patched only the OS X editions designated as “n” and “n-1” — where “n” is the newest — and discarded support for “n-2” either before the launch of “n” or immediately after. Under that plan, Snow Leopard was “n-2” when Mountain Lion shipped in mid-2012, and by rights should have been retired around then.

But it wasn’t. Instead, Apple continued to ship security updates for Snow Leopard, and with Tuesday’s patches of Mountain Lion and Lion Tuesday, it now seems plain that Apple has shifted to supporting “n-2” as well as “n” and “n-1.”

(In that scenario, Mavericks is now “n,” Mountain Lion is “n-1” and Lion is “n-2.”)

The change was probably due to Apple’s accelerated development and release schedule for OS X, which now promises annual upgrades. The shorter span between editions meant that unless Apple extended its support lifecycle, Lion would have fallen off the list about two years after its July 2011 launch.


Apple only used to support the current product and the release before that, but Snow Leopard has been supported far longer than that – which indicates they are now probably supporting the current release and the two before that.

Though they haven’t really released any formal statements about support, end of life procedures or timelines. They do have an accelerated release timeline now so it does make sense for them to support more previous releases.

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn’t, leaving users to guess about when their operating systems will fall off support.

“Let’s face it, Apple doesn’t go out of their way to ensure users are aware when products are going end of life,” said Andrew Storms, director of DevOps at security company CloudPassage, in a December interview.

To Apple, Snow Leopard increasingly looks like Windows XP does to Microsoft: an operating system that refuses to roll over and die. At the end of January, 19% of all Macs were running Snow Leopard, slightly more, in fact, than ran its successor, Lion, which accounted for 16%, and almost as much as Mountain Lion, whose user share plummeted once Mavericks arrived, according to Web analytics firm Net Applications.

With Snow Leopard’s retirement, 1 in 5 Macs are running an operating system that could be compromised because of unpatched vulnerabilities.

Snow Leopard users have given many reasons for hanging on, including some identical to those expressed by Windows XP customers: The OS still works fine for them; their Macs, while old, show no sign of quitting; and they dislike the path that Apple’s taken with OS X’s user interface (UI).

If Apple really wants more corporate/enterprise support – they really need to come out with some formal policies for support and end of life. Also they could really use some enterprise level tools for delivering patches/OS upgrades.

On top of that we also have a whole lot of people who choose not to upgrade for whatever reason (the same folks still using Windows XP) – who will become vulnerable at some point.

Source: Network World

Posted in: Apple

, , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


2 Responses to Apple Retires Support Leaving 20% Of Macs Vulnerable

  1. Jeff Pettorino March 2, 2014 at 1:04 pm #

    There is _one_ reason not to upgrade to Mavericks. It runs like crap on older hardware. My 4 year old Mac Mini runs slow as a dog with Mavericks.

    • Darknet March 2, 2014 at 3:11 pm #

      Ah, I say install OpenELEC on it and use it as a media centre :D