Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is macOS Big Sur dead?
- Thread starter camelia
- Start date
- Sort by reaction score
Makisupa Policeman
macrumors 6502a
bogdanw
macrumors G3
TVreporter
macrumors 68030
I'm staying on Big Sur for my 2019 iMac as long as I can - it has been rock solid and I hate updating and settings get botched or things don't work as smoothly since the new systems are going to be better optimized for M-chip Macs.
bogdanw
macrumors G3
Buried in those notes it’s the reason we should consider upgrading to Monterey:
CVE-2022-32894 was fixed in Monterey 12.5.1 released on 17 August 2022. https://support.apple.com/HT213413 “Apple is aware of a report that this issue may have been actively exploited.”
So, between 17 August and 12 September, Big Sur users were left by Apple with a know kernel vulnerability that was actively exploited.
CVE-2022-32894 was fixed in Monterey 12.5.1 released on 17 August 2022. https://support.apple.com/HT213413 “Apple is aware of a report that this issue may have been actively exploited.”
So, between 17 August and 12 September, Big Sur users were left by Apple with a know kernel vulnerability that was actively exploited.
Makisupa Policeman
macrumors 6502a
I cannot upgrade to Monterrey at this moment because my Mac is not compatible and I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
I am very worried about Kernel issue (CVE-2022-32894)
How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?
Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?
Reboot Restore Software for Mac OSX | Deep Freeze for Mac
Ultimate Mac OS X protection that leverages Apple Remote Desktop for deployment and management.
Thanks
Camelia
CVE-2022-32894 is fixed with big sur 11.7 - it's in the release notes. You shouldnt need to use 3rd party software. BS is still supported for another year and the webkit issue was patched much earlier. When BS falls out of support, you can always switch to 3rd party browsers
bogdanw
macrumors G3
The risk for a careful user, like yourself, is considered very low.
I’ve talked about this before https://forums.macrumors.com/threads/security-updates.2352472/
“supported” is an empty word in this case.
Apple doesn’t release any “end of life” or “support” timeline for macOS.
In contrast, here is Microsoft’s page about Windows 10 Home and Pro https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro
I wouldn't call “support” patching an actively exploited vulnerability one month, or more, after it was publicly disclosed. Few people would.
That’s your viewpoint though. Poor support is still technically support. The popular entry point for that kernel exploit through webkit was patched along with the others so Apple must have considered it “good enough” considering they even patched iO12 faster. Since like you said, apple doesn’t publish any timeframes, all we have is what’s happened in the past. Even with windows, it’s unlikely they’re patching everything in a timely manner every time but that doesn’t mean there is no support.
In either case with OP, there is no choice other than doing an “unsupported” upgrade which if not done properly, can lead to issues. There’s people running high sierra, windows 7, own an android phone more than 2 years old and they’re not all getting automatically hacked. While there are exceptions like WannaCry, the average joe isn’t simply important enough for a targeted attack and the risk is relatively low provided they are using updated browsers to visit safe websites and not sketchy ones. An internet security package could help but even then there’s no guarantees.
I cannot upgrade to Monterrey at this moment because my Mac is not compatible and I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
I am very worried about Kernel issue (CVE-2022-32894)
How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?
Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?
Reboot Restore Software for Mac OSX | Deep Freeze for Mac
Ultimate Mac OS X protection that leverages Apple Remote Desktop for deployment and management.www.faronics.com
Thanks
Camelia
Security is more a journey than destination or it's more about layers. Let's put it this way. You want to remain dry in the rain or secure from a hack. How do you ensure that you absolutely will not get wet? Well, you can try an umbrella. That alone might get it done. It might not. You can add layers to your defense to make it less likely you get wet. The same applies for security in general. Security and privacy are different too!
First, reduce your attack surface. If you're using Chrome, try Brave with adblocking built in. Less ads and media elements loading means less attacks are likely. You can improve on that as you need.
You can accomplish the same with other browsers like Firefox with uBlock Origin. Safari isn't recommended as third party browsers have better plugin support for blocking ads or other annoyances like tracking. All that improves your security.
Second, review your active defenses. ESET Antivirus for MacOS/Windows is a solid option that comes up on Slickdeals on sale sometimes. If you browse a lot of questionable areas of the internet, a VPN from Mullvad or similar can hide your original IP. It all depends what you need.
Third, verify your local WiFi router is up to date if it isn't provided by the cable/phone company built in as part of the modem. Check to ensure all WiFi connected devices are still getting updates like your AppleTV or similar. Consider removing the Smart TVs from your network and use streaming boxes like AppleTVs instead due to security.
Security is a lot more than just one app on one computer. You can use ESET plus other malware prevention and a lot more, but it won't make much difference if you don't trust the network. That is why you can use a VPN, verify your network router, and similar.
colourfastt
macrumors 65816
I still use my Apple router; unfortunately, there haven't been any software/firmware updates for it in YEARS. It sits behind the router provided by the cable company (my roomie uses that to connect while I use the Apple router), so I assume the cable company's router does get OTA updates.
Although Makisupa Policeman was wrong about the point releases stopping now, it was correct to say that Big Sur will probably receive security updates after the point releases stop whenever that may be.
The build is up to 20G912 now with the RC2 version of 11.7.1.
So when the 11.7.1 is released the build should either be 20G912 or slightly higher.
Even after the point releases stop, when the security updates come the build will continue to increase.
In light of all this, I would say no. Big Sur is not dead.
Last edited:
Jack Neill
macrumors 68020
Its way easier than you think. the GUI version of OCLP is super simple and anyone could use it. I have 12.6 running great with SIP enabled on a 2013 iMac and its just like its native.
bogdanw
macrumors G3
macOS Big Sur 11.7.1 https://support.apple.com/kb/HT213493 released in the same day as Monterey 12.6.1 and Ventura 13.0. Has Apple understood the importance of security updates or is 11.7.1 Big Sur’s swan song? 🙂
+ Safari 16.1 for macOS Big Sur https://support.apple.com/kb/HT213495
+ Safari 16.1 for macOS Big Sur https://support.apple.com/kb/HT213495
Glideslope
macrumors G3
cusp2011
macrumors newbie
Some good news!
I lost the right channel from the headphone jack on my 2015 MacBook Retina awhile back and it was a drag since I'm using that machine as a jukebox hooked into my stereo receiver. I was stuck with using the spotty Bluetooth as a workaround. But, with the upgrade to Big Sur 11.7.1 the right channel is back and both speakers are now pumping out Mahler's Symphony #1 in flac from the headphone jack!
I lost the right channel from the headphone jack on my 2015 MacBook Retina awhile back and it was a drag since I'm using that machine as a jukebox hooked into my stereo receiver. I was stuck with using the spotty Bluetooth as a workaround. But, with the upgrade to Big Sur 11.7.1 the right channel is back and both speakers are now pumping out Mahler's Symphony #1 in flac from the headphone jack!
bogdanw
macrumors G3
And now we know:
"Apple clarifies security update policy: Only the latest OSes are fully patched"
https://arstechnica.com/gadgets/202...olicy-only-the-latest-oses-are-fully-patched/
"Apple clarifies security update policy: Only the latest OSes are fully patched"
https://arstechnica.com/gadgets/202...olicy-only-the-latest-oses-are-fully-patched/
With the recent release of 11.7.3 Apple seems to stop cutting of older systems from updates after 3 years. Nice.
Madhatter32
macrumors 68000
I don't think there was ever a three year support model. It is the three most current operating systems -- so Ventura, Monterey, Big Sur -- remain supported with the most current OS getting the most support. Once the next OS is released after Ventura, Big Sur will likely no longer be supported.
You are correct, I was mixing up the versions. Big Sur should regularly get support until autumn 2023