Apple's "3 year" macOS security update policy

  1. How long does Apple support macOS?

    "As far as macOS goes, everyone will tell you that Apple supports the current version for about a year before it’s replaced by a new major release, then provides two years of security updates for it. The strange thing about that is Apple doesn’t seem to have committed that to writing, and I’ve searched long and hard for its official policy on many occasions."

  2. About the Rosetta translation environment (H/T)

    "macOS Tahoe will be the last release for Intel-based Mac computers. Those systems will continue to receive security updates for 3 years."

  3. Apple clarifies security update policy: Only the latest OSes are fully patched

    "Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected."

  4. Today’s release of macOS Sequoia brings 70+ new security fixes

    "…Apple delivered a staggering amount of patched bugs/vulnerabilities to Mac users. These are the 76 security patches that come with the first public release of macOS 15 Sequoia."

  5. Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina

    "Apple has chosen to leave an estimated 35–40% of all supported Macs in danger of actively exploited vulnerabilities."

  6. Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious

    "Confirmed: You need the latest macOS version"

Updates

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices:

Someone has publicly leaked an exploit kit that can hack millions of iPhones:

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub.

Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices.

...

“Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products,” O’Rourke said, adding that devices with updated software were not at risk from these reported attacks and that Lockdown Mode would also block these specific attacks.

[Emphases added.]

❧ 2025-06-16