
wirtandi

macrumors regular
Original poster
Feb 3, 2021
179
179
Just curious, I am a relatively new Apple customer. Just how likely is it for our Macs to be hacked if we don't update to the latest macOS containing the fix for "serious security vulnerability"?

Surely it's almost impossible for us to be hacked if we visit big, well-known websites, being careful with what we download, and just using common sense in general, right?

I mean I do want to update quickly but I also know there are reports that software updates ruin people's Macs so I prefer to wait 1 week or so.
 
Minor supplementary security updates, usually indicated by the third number in the macOS version (e.g., 10.14.5 where 5 is the third number), are probably wise to install a week or two after release because usually they're just security updates with no major breaking changes. The two-week delay gives you time to read about others' experiences with the update that might not be apparent on first install.

Larger updates such as going from last year's macOS 11 to this year's macOS 12 are what cause issues. Same goes for second number changes (11.0 to 11.1 for example).

Generally speaking if you're careful with what you download and interact with you'll be fine even on older versions of macOS. I'm still on 10.14.6 on one of my machines and I've never had issues with malware. It's not impossible to get hacked but I would say it's unlikely if most of your time is spent using either offline software (Logic, Final Cut) or regularly updated software (Chrome, Firefox, Slack, etc.).

If a new major update comes out (macOS 11, macOS 11.3, etc.) I will generally wait a good entire 6 months before starting to explore the option of updating, let alone actually updating. There are too many incompatibilities and unforeseen issues that simply don't get surfaced until people have had an opportunity to deep dive into the new OS. In some cases you might not EVER want to update major OS version (e.g., going from 10.15 to 11) if software you rely on doesn't function correctly on the newer version or if the new version contains elements you disagree with.

TL;DR rule of thumb is wait at least 1-2 weeks after a supplementary update (11.3.X), maybe a month or two for secondary updates (11.X.0, 12.X.0) and a lot longer (several months) for bigger updates (11, 12, 13)
 
Almost 0% if you don't go to sketchy websites regularly. This "security threat" boogeyman is mostly used to make you update to the latest version.

I'm still on High Sierra and nothing ever happened.
 
Just curious, I am a relatively new Apple customer. Just how likely is it for our Macs to be hacked if we don't update to the latest macOS containing the fix for "serious security vulnerability"?

Surely it's almost impossible for us to be hacked if we visit big, well-known websites, being careful with what we download, and just using common sense in general, right?

I mean I do want to update quickly but I also know there are reports that software updates ruin people's Macs so I prefer to wait 1 week or so.
You can wait. Especially if you stay recently updated you will be fine. In fact, I started delaying my Windows 10 updates a couple weeks later since I have had so many issues recently.

I have been impacted from big websites before due to some malicious ads, so keep in mind that just because it's a big website, there can still be issues. This was with Windows though, I have never had an issue on macOS.

I know people do it all the time, and you can especially if you are careful, but I would not advise running an out-of-support macOS. As long as it's supported and you are relatively up to date, you will be fine. Believe me, if there is BIG malware released that Apple addressed, you will hear about it and know to update.
 
Just curious, I am a relatively new Apple customer. Just how likely is it for our Macs to be hacked if we don't update to the latest macOS containing the fix for "serious security vulnerability"?

Surely it's almost impossible for us to be hacked if we visit big, well-known websites, being careful with what we download, and just using common sense in general, right?

I mean I do want to update quickly but I also know there are reports that software updates ruin people's Macs so I prefer to wait 1 week or so.
I think the short answer is unlikely (depending on how careful you are) but it is possible. I think the best practice is always to run an OS receiving security updates (Mojave to Big Sur) but that does not mean you are necessarily at high risk if you do not.
 
You can wait. Especially if you stay recently updated you will be fine. In fact, I started delaying my Windows 10 updates a couple weeks later since I have had so many issues recently.

I have been impacted from big websites before due to some malicious ads, so keep in mind that just because it's a big website, there can still be issues. This was with Windows though, I have never had an issue on macOS.
...
Adblock extensions like AdGuard (for Safari) and uBlock for everything else are absolutely essential. If you don't visit sketchy sites, then it’s coming from mostly ads.

Also the experience is way better.

If a website proves its worth and vets its ads, then consider whitelisting so they can earn some revenue. For everyone else, it’s block until proven innocent.
 
I've been using Macs with "outdated" versions of the OS for many, many years.

I have NEVER been bothered...

I would suggest you get MalwareBytes (free to download and use) and run it regularly.
 
Just curious, I am a relatively new Apple customer. Just how likely is it for our Macs to be hacked if we don't update to the latest macOS containing the fix for "serious security vulnerability"?

Surely it's almost impossible for us to be hacked if we visit big, well-known websites, being careful with what we download, and just using common sense in general, right?

I mean I do want to update quickly but I also know there are reports that software updates ruin people's Macs so I prefer to wait 1 week or so.

Ooooh they’re gonna hunt you down and hell’ll break loose!

But seriously, you’re good for a year or two after. I say this much because by then you will really want to upgrade. Security-wise, updates are strong with Apple even years later.

In short, you’re good for as long as you want to stay on the current OS.
 
Look at your threat model and what mitigations (if any) you want to put in place. For example:

Ransomware is a threat, low likelihood, but very devastating. Mitigations include: Malware scanners, security updates, latest macOS, and off-site backup. Or, accept the risk and do nothing - if the worst happens just erase everything and start again. There is no right answer.
 
Look at your threat model and what mitigations (if any) you want to put in place. For example:

Ransomware is a threat, low likelihood, but very devastating. Mitigations include: Malware scanners, security updates, latest macOS, and off-site backup. Or, accept the risk and do nothing - if the worst happens just erase everything and start again. There is no right answer.
I’d also like to add adblockers for any sort of phishing ads or malicious pop-ups since ads are the most dangerous thing in a macOS system, because there’s no real way to “get into” a computer that forces most programs/apps to be vetted through the App Store. Side-loading (downloading an application through the Internet instead of the App Store) also increases your risk. Basically, don’t download anything shady/unsupported and you’ll be a-ok for what you’re doing, OP.
 