- Jul 27, 2015
- 5,456
On the surface, this incident is a relatively unremarkable example of security updates working as they ought to. Vulnerability is discovered in the wild, vulnerability is reported to the company that is responsible for the software, and vulnerability is patched, all in the space of about a month. The problem, as noted by Intego chief security analyst Joshua Long, is that the exact same CVE was patched in macOS Big Sur version 11.2, released all the way back on February 1, 2021. That's a 234-day gap, despite the fact that Apple was and is still actively updating both versions of macOS.
PSA: Apple isn’t actually patching all the security holes in older versions of macOS
Big Sur got a fix 234 days before Catalina did, although both are supported.
arstechnica.com