Security Update 2016-002?

Roadstar

macrumors 68000
Original poster
Sep 24, 2006
1,539
1,864
Vantaa, Finland
The security content in Sierra (https://support.apple.com/en-us/HT207170) got me worried about whether there will be a security update to bring at least most of these fixes to El Capitan at least. I'm currently running Sierra myself, but my wife's aging MacBook got dropped off this year even though it's still perfectly capable for her use (RAM upgrade to 8GB and an SSD helps quite a lot with that). However, if El Capitan is going to have multiple unfixed vulnerabilities, it's really not a way forward. I do wish there's an accompanying security update to bring the fixes also to El Cap soon without requiring an OS update that's not available for the machine in question. Typically all of our hardware has been well within the active support, but now for at least a year we're on a more limited budget, so how long has Apple typically taken with offering possible security updates for older OS versions?
 

slowsafari

macrumors newbie
Feb 23, 2015
26
4
Apple offers typically 3 years support for each OS version.
For example:
10.11.0 -> 10.11.6 in 1 year.
+ 2 years security updates.

If apple won't change this, then except security updates until september 2018.
 
  • Like
Reactions: Roadstar

Roadstar

macrumors 68000
Original poster
Sep 24, 2006
1,539
1,864
Vantaa, Finland
Apple offers typically 3 years support for each OS version.
For example:
10.11.0 -> 10.11.6 in 1 year.
+ 2 years security updates.

If apple won't change this, then except security updates until september 2018.
Yep, I'm just hoping that we don't get only the easy fixes to older versions. For after all, Rootpipe was fixed only to then-current Yosemite, so I'm not currently too convinced about older versions getting proper enough support.
 

Samford

macrumors member
Jan 24, 2011
37
35
On the 24th September Apple released Security Update BETA 2016-02 for 10.11.6. Installed it on my Mac Pro 4,1, it runs well but has broken Nvidia Graphic Web Drivers again.

Strange this update has not appeared to be avaliable for my MacBook Pro 8,2.

HAS IT BEEN PULLED???
 
  • Like
Reactions: Roadstar

Roadstar

macrumors 68000
Original poster
Sep 24, 2006
1,539
1,864
Vantaa, Finland
On the 24th September Apple released Security Update BETA 2016-02 for 10.11.6. Installed it on my Mac Pro 4,1, it runs well but has broken Nvidia Graphic Web Drivers again.

Strange this update has not appeared to be avaliable for my MacBook Pro 8,2.
It's not listed in the updates page either (well, it's a beta). But it's promising to hear they have it on beta so they're at least working on it.
 

Roadstar

macrumors 68000
Original poster
Sep 24, 2006
1,539
1,864
Vantaa, Finland
Almost two weeks since Sierra was released and the security patches are still not available for El Capitan. This is sad :(
 

KALLT

macrumors 603
Sep 23, 2008
5,136
3,183
Usually they combine the entry for the security updates with the accompanying regular release. They have not done this. Security update 002 should include fixes that were included in 10.12.0 and 10.12.1. However, they have yet to confirm this.
 

chrfr

macrumors G3
Jul 11, 2009
9,710
3,570
Usually they combine the entry for the security updates with the accompanying regular release. They have not done this. Security update 002 should include fixes that were included in 10.12.0 and 10.12.1. However, they have yet to confirm this.
The security notes for 10.12.1 include several updates that apply only to 10.12 and others that apply to 10.10.5 and 10.11.6. In the past we've gotten shared security notes for 10.11.x and security updates for 10.9.5 and 10.10.5, so this looks like what Apple has done, but hasn't made it clear that is what's going on.
 

KALLT

macrumors 603
Sep 23, 2008
5,136
3,183
The security notes for 10.12.1 include several updates that apply only to 10.12 and others that apply to 10.10.5 and 10.11.6. In the past we've gotten shared security notes for 10.11.x and security updates for 10.9.5 and 10.10.5, so this looks like what Apple has done, but hasn't made it clear that is what's going on.
The contents of the security notes for 10.12.0 and 10.12.1 suggest that El Capitan should have all the documented fixes that are marked ‘available for: OS X El Capitan v10.11.6’. They probably have to add a separate entry for this, I don’t think we can infer that the 10.12.1 security notes incorporate Security Update 2016–002. It is very strange that Apple has not confirmed anything yet.
 

KALLT

macrumors 603
Sep 23, 2008
5,136
3,183
Well, the security notes for 10.12.0 say that component ‘apache_mod_php’ was addressed by updating PHP to version 5.6.24 and this should be available for El Capitan. However, El Capitan is still stuck on 5.5.38 (/usr/bin/php -v). I am beginning to wonder whether the 002 update was just for 10.12.1 and not for 10.12.0.
 
  • Like
Reactions: Roadstar

Roadstar

macrumors 68000
Original poster
Sep 24, 2006
1,539
1,864
Vantaa, Finland
As expected, 002 only includes the 8 fixes mentioned on this page, none of the dozens of fixes in 10.12.0.
This is sad. Actually, this is both sad and infuriating. Apple is being really irresponsible here. If you're not going to properly support your older OS version, make it clear that only the latest OS will actually stay patched instead of releasing these partial updates to give a false sense of security.
 

chrfr

macrumors G3
Jul 11, 2009
9,710
3,570
This is sad. Actually, this is both sad and infuriating. Apple is being really irresponsible here. If you're not going to properly support your older OS version, make it clear that only the latest OS will actually stay patched instead of releasing these partial updates to give a false sense of security.
This has been Apple's practice for a while. 10.10.5 didn't receive a lot of updates that 10.11 got, either, and so on back along the line.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.