iMac'd

In the details provided in System Settings there were about 60 lines of info. There was/is one line: "For information on the security content of Apple software updates, please visit this website: https://support.apple.com/100100". This is a general statement, so in plain English the whole thing is stating that there are no security updates in this one, but when there are, then use the link. Elsewhere it's clearly indicated that 15.3.1 has "important security ....", so is it very poor communication or some coded way of indicating that the security updates are, say, only related to very few specialist users or some such?
 
No, it just says the entire list of security fixes is available on that page. The same way it has been for 20 years.
And on that linked page the only reference is:

"macOS Sequoia 15.3.1
This update has no published CVE entries.
macOS Sequoia, 10 Feb 2025"

In the aviation industry anyone who wrote all that - if it were related to flying/maintenance would have their employment terminated owing to the ambiguity. So Apple Inc. keep it a secret; particularly if there are no "published CVE entries" as to whether there are any security elements in an update. Like presumably the vast majority I would presume that any and all updates had some security elements and wouldn't be interested but would just update; it's only because I have some arcane reasons to not want to update unless there are pressing security implications that I've looked into this.
 
I realize that I had never read the "Available Updates" popup carefully. Where it reads

This update provides important security fixes and is recommended for all users.

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/100100

I had thought it read "For information on the security content of this Apple software update." I gotta say that I agree with @iMac'd. Clearly there's an implication that the link will describe the "important security fixes" that are included in the patch. Just because there are no published CVE entries, that doesn't mean they aren't obliged to describe the fixes.
 
Nothing made in the last 10 years or more uses the OpenSSL version shipped with macOS. It's still there only for backward compatibility. OpenSSL doesn't have a stable ABI, so Apple can't even update to the latest major release without breaking all the apps that use it.
 
You are contradicting yourself. If nothing uses it, nothing breaks.
I looked and the OpenSSL version in 15.3.1 is still LibreSSL 3.3.6
https://www.intego.com/mac-security...h-multiple-critical-vulnerabilities-in-macos/

From personal experience, the latest versions of bash, curl, OpenSSL & OpenSSH can be installed from source on macOS and nothing breaks. Apart from the illusion that Apple cares about macOS security. ;-)

Mickey Jin - “Endless Exploits: The Saga of a macOS Vulnerability Exploited Seven Times”

[Attached image: OpenSSL.jpg]
 
That's the cli utility, which is not even openssl anymore, as you can see. I was talking about the openssl library that can be dynamically linked.
 
Maybe I'll try and pass on the feedback to Apple sometime but right now I'm too tired having spent about 10 mins trying to find some way to post in this Forum; someone has done an excellent job of hiding it; I could search for a Help screen but unless there are no readily available alternatives I think it's better to leave sites with secret methodologies to those who have found the keys.
 
Another option is to provide feedback here

 
It's very possible that there has been a security incident reported to Apple that is either a zero-day or has a high potential of being exploited merely by publishing a description of the issue so the entity reporting has delayed notification (it's typical I believe to give 90 days) to give Apple and macOS users enough time to get patched before the CVE is published.
 