You’ve probably noticed that Apple releases updates to iOS, macOS, watchOS, and tvOS nearly every week these days. iOS 11 and macOS 10.13 High Sierra launched only a few months ago, and we’ve already seen ten updates to iOS and seven updates to macOS. Some of these have been to fix bugs, which is great, but more important quite a few have been prompted by the need for Apple to address security vulnerabilities.
Have you installed all these updates, or have you been procrastinating, tapping that Later link on the iPhone and rejecting your Mac’s notifications? I’m not criticizing, I often times tap on Remind Me Later. All too often those prompts come at inconvenient times, although iOS has gotten better about installing during the night, as long as you plug in your iPhone or iPad.
I know, security is dull. Or rather, security is dull as long as it’s present and active. Things get exciting — and not in a good way — when serious vulnerabilities come to light. You may remember back in November 2017, when it was reported that anyone could gain admin access to any Mac running macOS High Sierra. All they had to do was type root for the username and leave the password field blank. This vulnerability one was so bad that Apple pushed Security Update 2017-001 to every affected Mac and rolled the fix into macOS 10.13.2. Exciting times – again not in a good way.
Part of the problem with security vulnerabilities is that they can be astonishingly complex. You may have heard about the Meltdown and Spectre hardware vulnerabilities discovered in January 2018. They affect nearly all modern computers, regardless of operating system, because they take advantage of a design flaw in the microprocessors. Unfortunately, the bad guys—organized crime, government intelligence agencies, and the like—have the resources to understand and exploit these flaws.
But here’s the thing. Hackers don’t stop. New vulnerabilities are discovered on a daily basis. Patching these is a non-stop endeavor by Apple and other companies. Security is an arms race. The good news is if enough people install those updates quickly enough, the attackers will move on to the next vulnerability. You may recognize this as the herd mentality. If we all keep our devices updated, hackers will move on to less vulnerable devices.
The moral of the story? Always install those minor updates. It’s not so much because you will definitely be targeted if you fail to stay up to date, but because if the Apple community as a whole ceases to be vigilant about upgrading, the dark forces on the Internet will start to see macOS and iOS as low-hanging fruit. As long as most people update relatively quickly, it’s not worthwhile for attackers to put a lot of resources into messing with Macs, iPhones, and iPads. Hackers will focus on other non-Apple devices.
That being said, before you install those updates, make sure to update your backups. It’s unusual for anything significant to go wrong during this sort of system upgrade, but having a fresh backup ensures that if anything does go amiss, you can easily get back to where you were before.