Why it matters: With news of a cyber attack in Hong Kong this week, its effectiveness has shown how Apple implements security updates for its various operating systems. It's no surprise that newer versions of the operating system receive security patches first, but instant versions still in use can experience several months of delays for the same patches.
This week Google researchers released a report they describe as a blue hole hacking campaign discovered in Hong Kong in August. Hackers that Google believes are sponsored by the government have planted malware on the websites of a Hong Kong pro-democracy group that installs backdoors on visitors' machines.
Researchers have discovered a macOS vulnerability targeted by hackers and reported it to Apple, but they were unable to fully index it on iOS. Apple patched it on September 23rd on macOS Catalina. However, security researcher Josh Long noted that Apple fixed the same vulnerability in macOS Big Sur on February 1, more than 200 days ago. Big Sur is the macOS version right after Catalina. Apple followed up Big Sur with Monterey, the latest release, last month. p>
Mentioned in Eryeh (https://t.co/ybglJnVwmi) Was. Unmentioned: That's 3,234 days after the #Apple patch the same vulva for Big Sur. AApple, random selection of vulnerabilities you patched in previous #macOS 2 puts customers at risk. https://t.co/rSA1hqewRa- Josh Long (the JoshMeister) (theJoshMeister) November 11, 2021
In late October, Lang also posted infographics to Twitter showing when Apple was released. Security patches for each of the latest versions of macOS, iPadOS, and iOS. They showed that Apple will first fix iOS 15, iPadOS 15 and macOS Monterey, while previous versions will be patched later. At the same time, Lang also wrote an article on the Mac Security Blog, criticizing the upward trend that Apple appears to be making security patches. p>
The latest OS version is obviously preferred for updates, but everyone does. Upgrade to the latest operating system as soon as it is released. Many users may be using outdated hardware that is not compatible with the latest operating system. Ideally, they should also receive important security updates as quickly as possible, although there can be differences in how vulnerabilities affect each version of the operating system. There may be times when a vulnerability might need to be modified differently in one version of an operating system than the previous or newer version. p>
Hong Kong cyberattack shows Apple is using the latest OS versions for security updates