[UPDATE: An Apple spokesperson told ZDNet the company has not changed its update policy but said some older OS X versions go unpatched for architectural reasons. Apple declined to respond to a request for more details about their security update policy or for when the most recently disclosed vulnerabilities would be patched in Mountain Lion.]
Macs have never been that popular in the enterprise office. Sure, people love their MacBook Airs and their MacBook Pros, but CIOs usually frown at their price-tags. Still, the shiny Macs laptops have induced some big businesses, including ZDNet's own parent company CBS Interactive, to buy these high-end laptops and, thanks to the Adobe Creative Suite/Creative Cloud, publishing, graphics design, and Web design departments all still use and love their Macs. Well, they do for now. They may not tomorrow because of Apple's lack of security updates for older versions of Mac OS X.
ZDNet Larry Seltzer's found that while Apple announced that Mac OS X 10.9, Mavericks fixed numerous security bugs Apple did not issue these same security fixes for Mountain Lion or other older versions. So far, Apple, as is its wont, hasn't said that they're going to release any either.
Apple used to release security fixes for their older operating system versions. At the least, they'd release them for the version that came before their newest one. It doesn't look they are this time.
We all know what happens when a company reveals security holes don't we? Yes, that's right. We get zero day attacks: Lots and lots of zero day attacks. It's like giving every junior-high hacker in the world a free treasure map.
What's that? The Mac has no security problems? Please, ever hear of the Flashback Trojan? Icefog? Backdoor:OSX/KitM.A? You would have if you'd been paying attention to Apple security. They're all successful Mac malware programs.
No, Macs don't have the dozens of new malware attackers every month that Windows PCs have... yet. But then, we never had a major, widely used Mac OS without the latest security fixes either.
So, if you're running Mountain Lion, you should run, not walk, to your Mac and download Mavericks today. That's no real hardship right? I mean Mavericks is free, so other than the couple of hours it takes to download the multi-Gigabyte update and then install it, updating your operating system isn't going to hurt you is it? Wrong!
Yes, Mavericks looks pretty darn good and the upgrade is, outside of the time it takes, as smooth as silk. I've installed it and I like it.
So, what's the problem? Well, I'll tell you what the problem is. If I'm a CIO, I'm being forced by security concerns to upgrade my users' Macs to an untested operating system. Maybe my company's programs will work with it, maybe they won't. I don't know.
As a CIO all I really know is that Apple is forcing me to choose between opening my Mac desktops to attacks or taking a chance that everyone in my office is going to come screaming to my door with complaints about broken programs. In fact, some of you may already be facing the latter problem since it's been confirmed that if your company uses Google Gmail Internet message access protocol (IMAP) for corporate e-mail you're very likely to run into a show-stopping bug with the Mavericks mail client. Whoops! This is the kind of dilemma that causes CIOs to lose their hair.
This is not a headache any IT manager ever wants to face. So, if Apple really is taking a leaf from their iOS book and no longer supporting their older versions, the long-term answer is to simply start walking away from Apple no matter how pretty their computers are.
Microsoft may really, really want you to move to Windows 8.1, but they're still supporting Windows XP. Linux desktop distributions are constantly delivering security upgrades. Only Apple demands that you either upgrade your PCs to a major unproven upgrade or leave yourself open to attackers. No IT department ever wants to face a choice like this.