Most active commenters
  • wannacboatmovie(4)
  • wtallis(3)

←back to thread

265 points fortran77 | 11 comments | | HN request time: 2.459s | source | bottom
Show context
acdha ◴[] No.42189685[source]
Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?
replies(3): >>42189761 #>>42189809 #>>42189932 #
justinclift ◴[] No.42189809[source]
Doesn't seem to completely line up that they're rushing out iOS updates (ie for phones, etc) for something they're saying they've only confirmed on Intel cpus.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.

replies(7): >>42189876 #>>42189883 #>>42190175 #>>42190448 #>>42190733 #>>42190776 #>>42190850 #
2muchcoffeeman ◴[] No.42189876[source]
There must be millions of Intel Macs still around. Why wouldn’t they update it?
replies(2): >>42189894 #>>42189940 #
wannacboatmovie ◴[] No.42189940[source]
Well for starters, they stopped providing any updates for many perfectly functional Intel Macs years ago for no other reason than planned obsolescence. A side effect of the "they make both the hardware and software that's why it's better" paradigm.

Things like OpenCore Legacy Patcher prove it's possible; they just don't want to.

I don't think anyone feels entitled to new features in perpetuity. Security updates only would be fine thank you.

Don't tell me the richest company in the world can't pay for a couple of developers who just want to rest and vest to take care of and test the legacy platforms. A cushy job and you keep the customers happy.

Ironically the best way to stay safe on these computers is to install Windows or Linux.

replies(3): >>42190072 #>>42190100 #>>42212832 #
1. StressedDev ◴[] No.42190072[source]
Software needs longer support life cycles in general. I find it frustrating that organizations do not support operating systems, hardware, and applications for at least 10 years. Note Apple is one of the better organizations on this. Consumer router companies are notorious for shipping unpatched software. Here is what I would like to see:

1. All hardware and software should come with a highly visible end of support date.

2. All hardware and software should notify people when it is no longer receiving security patches. It should also explain to users why running unpatched software or hardware is dangerous.

replies(2): >>42190425 #>>42191523 #
2. wannacboatmovie ◴[] No.42190425[source]
To my knowledge Apple has never published EOL or support dates in the future. Someone correct me if something has changed in the last few years.
replies(1): >>42190513 #
3. wtallis ◴[] No.42190513[source]
https://support.apple.com/en-us/102772 outlines "vintage" and "obsolete" status for hardware products, with a few exceptions. I'm not aware of a similarly straightforward criteria or comprehensive list for software support periods.
replies(3): >>42190577 #>>42190671 #>>42191439 #
4. wannacboatmovie ◴[] No.42190577{3}[source]
The issue with passing off a list of vintage products as some kind of past tense support schedule is by definition products become vintage when they are added to the list at some arbitrary date.

My expectation is a table of OS versions and EOL dates published in advance. Like nearly every other responsible OS vendor in existence. Apple continuing to get a pass on this in 2024 is abhorrent.

replies(1): >>42190627 #
5. wtallis ◴[] No.42190627{4}[source]
> The issue with passing off a list of vintage products as some kind of past tense support schedule is by definition products become vintage when they are added to the list at some arbitrary date.

If you read some of the text above the product list, you'll see that Apple does publish guidelines about when products can be expected to be added to the list:

> Products are considered vintage when Apple stopped distributing them for sale more than 5 and less than 7 years ago.

> Products are considered obsolete when Apple stopped distributing them for sale more than 7 years ago. Monster-branded Beats products are considered obsolete regardless of when they were purchased.

> Apple discontinues all hardware service for obsolete products, and service providers cannot order parts for obsolete products. Mac laptops may be eligible for an extended battery-only repair period for up to 10 years from when the product was last distributed for sale, subject to parts availability.

So as you can see, it's not arbitrary or unpredictable when a product is going to show up on the vintage product list. The only unpredictable or obscure part of this process is finding out how long an outdated product was still being sold after its successor launched.

replies(1): >>42190933 #
6. philistine ◴[] No.42190671{3}[source]
That list relates strictly to hardware repairs. Vintage macs have often been fully supported software-wise.
replies(1): >>42190715 #
7. wtallis ◴[] No.42190715{4}[source]
Yes, I'm fully aware that the support article I linked to is specifically about hardware support—that's why I mentioned that there isn't a similar list for software support.
8. wannacboatmovie ◴[] No.42190933{5}[source]
Ok, but this is an Apples vs oranges comparison. (Carlos!)

We are talking about software support here.

The vintage products list is specifically targeting hardware support; e.g. how long Apple will keep spare parts in stock. After a set number of years they purge stock and you are SOL going to Chinese third party vendors and places like iFixit for batteries etc.

replies(1): >>42192741 #
9. danieldk ◴[] No.42191439{3}[source]
Samsung nowadays tells you ahead of time how long a phone will get major updates and security updates. I think it's the same with Google Pixel. And they have a list of models and their release schedules:

https://security.samsungmobile.com/workScope.smsb

My qualm with them is though that not all devices are updated at the same time (like iOS/iPadOS/macOS). One phone may get an update the 10th of the month, while another only gets it the 30th. As a result, there is often quite a large window where vulnerabilities are known, but not yet patched (it's even worse with the cheap models that only get quarterly updates).

10. pjmlp ◴[] No.42191523[source]
Which is why having cybersecurity laws and liability in computing is so relevant.
11. vetinari ◴[] No.42192741{6}[source]
Not really; vintage macs turning obsolete are being dropped from the macOS support very reliably. I.e. the 2015 mbp was dropped from 2022 macos release like on the clock.