What security updates does my macOS get?
Security updates cover a wide range of improvements Apple provides for macOS. This article distinguishes the different types of update that each version of macOS now receives, and points out shortcomings that you should be aware of when deciding how to use that version of macOS. However, the most important factor in every Mac’s security is its user. While there are methods of attacking Macs that remain isolated from networks and external apps and files, the greatest dangers arise from what you do online, and with apps and files you obtain elsewhere.
What update?
Apple fixes two classes of bugs in macOS: those resulting in security vulnerabilities, and those that don’t appear to have any security consequences. Security fixes are normally provided in full for only the current release of macOS (Sonoma), while some are also provided for the previous two major versions (Ventura and Monterey). General fixes are normally only provided for the current release, although there are a few exceptions where Apple has fixed more serious bugs in older versions.
In addition to fixing bugs in macOS, Apple also releases updates to the data used by the security tools it builds into macOS. For example, XProtect has been provided as part of macOS since before El Capitan. To detect malware in the apps it scans as part of Gatekeeper checks, XProtect uses a set of malware detection signatures. The files containing those signatures and other security rules are updated periodically, and all versions of macOS that include XProtect can install them, and benefit from those updates.
The older tool designed to detect and remove malicious software, MRT, also used to be updated periodically. But that has been replaced in Catalina and more recent macOS by a newer scanner, XProtect Remediator. As a result, although MRT may remain installed on a Mac, it hasn’t been updated for well over a year, and isn’t effective at dealing with more recent malware.
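An added example, not part of the original article and not SilentKnight's code: a Python check that reads the installed versions of XProtect's data, XProtect Remediator and MRT from their bundles, and flags a Mac where only the no-longer-updated MRT is present. The bundle locations are assumed to be the standard ones (the article doesn't give them), and the 'latest' version numbers are constructed placeholders to be replaced with the versions your update tool reports.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed standard locations, not given in the article: Catalina and later
# keep these bundles under /Library/Apple, older systems under /System.
PREFIXES = ("Library/Apple/System/Library/CoreServices",
            "System/Library/CoreServices")
BUNDLES = {"XProtect": "XProtect.bundle",
           "XProtect Remediator": "XProtect.app",
           "MRT": "MRT.app"}

def bundle_version(bundle):
    """Return CFBundleShortVersionString from Contents/Info.plist, or None."""
    try:
        with open(Path(bundle) / "Contents" / "Info.plist", "rb") as fh:
            version = plistlib.load(fh).get("CFBundleShortVersionString")
    except (OSError, ValueError, AttributeError, ExpatError):
        return None  # missing bundle, unreadable file or malformed plist
    return str(version) if version else None

def inventory(root="/"):
    """Map each tool to its installed version; None when no bundle is found."""
    found = {}
    for tool, bundle in BUNDLES.items():
        versions = (bundle_version(Path(root) / p / bundle) for p in PREFIXES)
        found[tool] = next((v for v in versions if v), None)
    return found

def as_tuple(version):
    """'2.10' -> (2, 10), so that 2.10 sorts after 2.9."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def findings(found, latest):
    """Compare against caller-supplied latest versions; list what needs attention."""
    notes = []
    for tool, want in latest.items():
        have = found.get(tool)
        if have is None:
            notes.append(f"{tool}: not installed")
        elif as_tuple(have) < as_tuple(want):
            notes.append(f"{tool}: {have} installed, {want} available")
    if found.get("MRT") and not found.get("XProtect Remediator"):
        notes.append("MRT present without XProtect Remediator: MRT is no longer updated")
    return notes

if __name__ == "__main__":
    # Constructed 'latest' values for illustration only.
    for line in findings(inventory(), {"XProtect": "2173", "XProtect Remediator": "115"}):
        print(line)
```
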
Sonoma
Sonoma is the current release of macOS until macOS 15 arrives next year, so Apple provides it with the most timely and comprehensive security and other bug fixes. Where Apple can release urgent fixes before they’re incorporated into a full macOS update, macOS 14 is likely to get some as Rapid Security Responses (RSRs) as well.
Sonoma also has the benefit of all the latest security tools inside macOS. It has the traditional form of XProtect to check apps for signs of known malware, the new XProtect Remediator to scan daily or more often for other signs of malware and ‘remediate’ your Mac if they’re found, and the very latest behavioural version of XProtect, which is expected to go live in the coming months.
Ventura
Ventura is the previous major release of macOS, and Apple stopped fixing non-security bugs in macOS 13 at the end of the summer (2023). Although further general fixes aren’t unheard of, you’re very unlikely to see any. Ventura should continue to receive plenty of security fixes, but not all of those fixed in Sonoma will be carried over into Ventura. Apple’s current policy on RSRs is that “new Rapid Security Responses are delivered only for the latest versions of iOS, iPadOS, and macOS”, although when those same fixes are incorporated into the next macOS security update, Ventura is likely (but not guaranteed) to be included.
At the moment, Ventura has the same security tools as Sonoma, including traditional XProtect, XProtect Remediator, and the newest behavioural form of XProtect. What we don’t know yet is whether behavioural XProtect in Ventura will start providing live protection against malware, should that happen in Sonoma, or will continue to log potentially malicious behaviour without intervening.
Provided that you keep Ventura up to date with both security updates and security tool updates, it should provide almost as good protection as Sonoma, though at times perhaps not as rapidly.
Monterey
This has now been in security-only maintenance for just over a year, during which it has received fewer fixes than Ventura. As the oldest supported major version of macOS now, it hasn’t had any general bug fixes for over a year, and is steadily falling behind.
It has both main forms of XProtect, traditional and XProtect Remediator, but not the newest behavioural form, and seems unlikely to get that.
The gap in security protection between Monterey and Sonoma is already growing wider, and by the time that support is withdrawn from macOS 12 next summer, it will have many unfixed vulnerabilities. If you can upgrade to either of the more recent versions of macOS, this is a good time to do so. If you can’t, it should still be possible to run Monterey with a degree of safety, as it does still receive Safari updates, for example. Ensure you install those, and increase your online vigilance.
Big Sur and Catalina
Big Sur received its final security update to macOS in September 2023, and Catalina over a year earlier, in July 2022. Although Big Sur does use the same Signed System Volume protection as Sonoma, Catalina can’t provide the same degree of protection for its System volume.
Both benefit from classic XProtect and the newer XProtect Remediator, and provided you keep those up to date, they should effectively detect and remove malware. Neither is a likely candidate to be enhanced with behavioural XProtect, though.
While Apple has released Safari version 17 for Monterey and later, Big Sur can only run version 16.6.1, and Catalina is stuck a whole version behind, at 15.6.1. That’s significant, as it means that they lack the security fixes brought in newer releases. As your browser can be the only protection standing between your Mac and malicious software, you should consider this carefully, perhaps by changing to another secure browser that still receives full support. The current version of Firefox, for example, can run on any version of macOS from 10.12 Sierra upwards.
If you’re going to access the Internet and open apps and files from beyond the confines of your Mac, then running Big Sur or Catalina puts greater responsibility on you to protect yourself.
High Sierra and Mojave
Mojave received its final security update in July 2021, and High Sierra in November 2020. They’re both full of vulnerabilities, and as their system files aren’t separated and protected in the way that more recent versions of macOS are, malicious code could tamper with system files.
Both do still receive and use updates to the data used by XProtect, though, which may help them detect recent malware as long as you keep XProtect’s data up to date.
With their older versions of Safari, you’d be well advised to switch to Firefox or another browser that’s still maintained. Even so, your cautious behaviour is just about their only remaining security protection, and that Mac might be better put to work as a local server, rather than at the frontline.
Sierra and earlier
Sierra’s final security update was in September 2019, although Sierra and El Capitan should still receive XProtect updates. It’s also the oldest version of macOS still supported by the current release of Firefox. Use online only if you have no other option, and only visit known safe sites. Even then you can’t afford to drop your guard.
SilentKnight
If you’re using my free utility SilentKnight to keep your Mac up to date with XProtect’s data and other security data, ensure that you’re using version 2.6 on macOS Catalina and later, and version 1.21 on El Capitan to Mojave. Although SilentKnight does inform you when updates are available, if you’re running version 1.x then it won’t tell you about version 2, to avoid annoying those who are still using the older version on Mojave and earlier.