Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused
We’ve written about the uncertainty of Apple’s security update process many times before.
We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them…
…but without even the vaguest description of what sort of criminals, and what they were up to, which would at least help to round out the story.
Our approach has therefore been simply to assume the worst, and to infer that the story that Apple wasn’t telling ran something like this: “Devices analyzed in the wild found to have hidden spyware implanted by unknown threat actors.”
And we’ve therefore followed our own rhyming advice of: Do not delay/Simply do it today.
We’ve had updates arrive for the very latest macOS and iOS versions, but with nothing for earlier supported versions, with no mention of whether those devices were immune by good fortune, at risk but left in limbo for a while, or at risk but never going to be fixed.
Sometimes, those older versions have received their own patches for exactly the same zero-day holes, without explanation, days or weeks later.
At other times, the next updates for those older versions have at least implied that the zero-day holes didn’t affect them after all.