Apple's "3 year" macOS security update policy

1. How long does Apple support macOS?

   "As far as macOS goes, everyone will tell you that Apple supports the current version for about a year before it’s replaced by a new major release, then provides two years of security updates for it. The strange thing about that is Apple doesn’t seem to have committed that to writing, and I’ve searched long and hard for its official policy on many occasions."

2. About the Rosetta translation environment (H/T)

   "macOS Tahoe will be the last release for Intel-based Mac computers. Those systems will continue to receive security updates for 3 years."

3. Apple clarifies security update policy: Only the latest OSes are fully patched

   "Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected."

4. Today’s release of macOS Sequoia brings 70+ new security fixes

   "…Apple delivered a staggering amount of patched bugs/vulnerabilities to Mac users. These are the 76 security patches that come with the first public release of macOS 15 Sequoia."

5. Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina

   "Apple has chosen to leave an estimated 35–40% of all supported Macs in danger of actively exploited vulnerabilities."

6. Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious

   "Confirmed: You need the latest macOS version"

Update

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices:

• Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

• Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700):

  "The fix for CVE-2026-20700 has been provided to iPhone, iPad, Mac, Apple Watch, AppleTV and Apple Vision Pro users that run the most recent versions of the underlying operating systems...Those running older OS branches...must wait for the fix to be backported, which will hopefully be soon."

• Josh Long:

  "Apple ONLY patched CVE-2026-20700 (which was reportedly exploited in the wild) for iOS, iPadOS, macOS, tvOS, watchOS, & visionOS 26.3.

  "⚠️ If you’re still on iOS 18 or earlier, or any macOS before Tahoe, you’re missing out on critically important security updates."

❧ 2025-06-16