Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Is macOS Big Sur dead?

camelia

camelia

macrumors 6502a
Original poster
Apr 3, 2015
714
123
Mexico City
We will see Big Sur 11.6.9 or macOS Big Sur 11.6.8 (20G730) is the final download?
We will have updates of version macOS Big Sur 11.6.8 (20G730)?

Thanks
Camelia
 
Makisupa Policeman

Makisupa Policeman

macrumors 6502
Sep 28, 2021
488
354
Based on the previous couple of OS’s release history (Mojave and Catalina) being much shorter than Big Sur, 11.6.8 is probably the last release. But it should receive security updates until at least late 2023.
 
  • Love
Reactions: camelia
bogdanw

bogdanw

macrumors 603
Mar 10, 2009
6,099
3,011
Buried in those notes it’s the reason we should consider upgrading to Monterey:
CVE-2022-32894 was fixed in Monterey 12.5.1 released on 17 August 2022. https://support.apple.com/HT213413 “Apple is aware of a report that this issue may have been actively exploited.”

So, between 17 August and 12 September, Big Sur users were left by Apple with a know kernel vulnerability that was actively exploited.
 
  • Love
Reactions: camelia
camelia

camelia

macrumors 6502a
Original poster
Apr 3, 2015
714
123
Mexico City
bogdanw said:
Buried in those notes it’s the reason we should consider upgrading to Monterey:
CVE-2022-32894 was fixed in Monterey 12.5.1 released on 17 August 2022. https://support.apple.com/HT213413 “Apple is aware of a report that this issue may have been actively exploited.”

So, between 17 August and 12 September, Big Sur users were left by Apple with a know kernel vulnerability that was actively exploited.
Click to expand...

I cannot upgrade to Monterrey at this moment because my Mac is not compatible and I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
I am very worried about Kernel issue (CVE-2022-32894)

How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?

Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?

www.faronics.com

Deep Freeze for Mac

Download Deep Freeze for Mac. Our Mac reboot to restore software helps protect your Mac OS configuration. Start your 30 Day Free Trial.
www.faronics.com www.faronics.com

Thanks
Camelia
 
S

saudor

macrumors 68000
Jul 18, 2011
1,511
2,114
camelia said:
I cannot upgrade to Monterrey at this moment because my Mac is not compatible and I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
I am very worried about Kernel issue (CVE-2022-32894)

How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?

Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?


Thanks
Camelia
Click to expand...
CVE-2022-32894 is fixed with big sur 11.7 - it's in the release notes. You shouldnt need to use 3rd party software. BS is still supported for another year and the webkit issue was patched much earlier. When BS falls out of support, you can always switch to 3rd party browsers
 
bogdanw

bogdanw

macrumors 603
Mar 10, 2009
6,099
3,011
camelia said:
How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?
Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?
Click to expand...
The risk for a careful user, like yourself, is considered very low.
I’ve talked about this before https://forums.macrumors.com/threads/security-updates.2352472/

saudor said:
BS is still supported for another year and the webkit issue was patched much earlier. When BS falls out of support, you can always switch to 3rd party browsers
Click to expand...
“supported” is an empty word in this case.
Apple doesn’t release any “end of life” or “support” timeline for macOS.
In contrast, here is Microsoft’s page about Windows 10 Home and Pro https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro

I wouldn't call “support” patching an actively exploited vulnerability one month, or more, after it was publicly disclosed. Few people would.
 
S

saudor

macrumors 68000
Jul 18, 2011
1,511
2,114
bogdanw said:
The risk for a careful user, like yourself, is considered very low.
I’ve talked about this before https://forums.macrumors.com/threads/security-updates.2352472/


“supported” is an empty word in this case.
Apple doesn’t release any “end of life” or “support” timeline for macOS.
In contrast, here is Microsoft’s page about Windows 10 Home and Pro https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro

I wouldn't call “support” patching an actively exploited vulnerability one month, or more, after it was publicly disclosed. Few people would.
Click to expand...
That’s your viewpoint though. Poor support is still technically support. The popular entry point for that kernel exploit through webkit was patched along with the others so Apple must have considered it “good enough” considering they even patched iO12 faster. Since like you said, apple doesn’t publish any timeframes, all we have is what’s happened in the past. Even with windows, it’s unlikely they’re patching everything in a timely manner every time but that doesn’t mean there is no support.

In either case with OP, there is no choice other than doing an “unsupported” upgrade which if not done properly, can lead to issues. There’s people running high sierra, windows 7, own an android phone more than 2 years old and they’re not all getting automatically hacked. While there are exceptions like WannaCry, the average joe isn’t simply important enough for a targeted attack and the risk is relatively low provided they are using updated browsers to visit safe websites and not sketchy ones. An internet security package could help but even then there’s no guarantees.
 
L

LinMac

macrumors 65816
Oct 28, 2007
1,269
43
camelia said:
I cannot upgrade to Monterrey at this moment because my Mac is not compatible and I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
I am very worried about Kernel issue (CVE-2022-32894)

How do I know if I an application was able to execute arbitrary code with kernel privileges in my computer yet?

Note: Every time I am browsing on the net my Mac is Frozen using Deep Freeze do you think it can low the risk for now?

www.faronics.com

Deep Freeze for Mac

Download Deep Freeze for Mac. Our Mac reboot to restore software helps protect your Mac OS configuration. Start your 30 Day Free Trial.
www.faronics.com www.faronics.com

Thanks
Camelia
Click to expand...

Security is more a journey than destination or it's more about layers. Let's put it this way. You want to remain dry in the rain or secure from a hack. How do you ensure that you absolutely will not get wet? Well, you can try an umbrella. That alone might get it done. It might not. You can add layers to your defense to make it less likely you get wet. The same applies for security in general. Security and privacy are different too!

First, reduce your attack surface. If you're using Chrome, try Brave with adblocking built in. Less ads and media elements loading means less attacks are likely. You can improve on that as you need.

You can accomplish the same with other browsers like Firefox with uBlock Origin. Safari isn't recommended as third party browsers have better plugin support for blocking ads or other annoyances like tracking. All that improves your security.

Second, review your active defenses. ESET Antivirus for MacOS/Windows is a solid option that comes up on Slickdeals on sale sometimes. If you browse a lot of questionable areas of the internet, a VPN from Mullvad or similar can hide your original IP. It all depends what you need.

Third, verify your local WiFi router is up to date if it isn't provided by the cable/phone company built in as part of the modem. Check to ensure all WiFi connected devices are still getting updates like your AppleTV or similar. Consider removing the Smart TVs from your network and use streaming boxes like AppleTVs instead due to security.

Security is a lot more than just one app on one computer. You can use ESET plus other malware prevention and a lot more, but it won't make much difference if you don't trust the network. That is why you can use a VPN, verify your network router, and similar.
 
  • Like
Reactions: Makisupa Policeman
colourfastt

colourfastt

macrumors 65816
Apr 7, 2009
1,047
964
LinMac said:
Security is more a journey than destination or it's more about layers. Let's put it this way. You want to remain dry in the rain or secure from a hack. How do you ensure that you absolutely will not get wet? Well, you can try an umbrella. That alone might get it done. It might not. You can add layers to your defense to make it less likely you get wet. The same applies for security in general. Security and privacy are different too!

First, reduce your attack surface. If you're using Chrome, try Brave with adblocking built in. Less ads and media elements loading means less attacks are likely. You can improve on that as you need.

You can accomplish the same with other browsers like Firefox with uBlock Origin. Safari isn't recommended as third party browsers have better plugin support for blocking ads or other annoyances like tracking. All that improves your security.

Second, review your active defenses. ESET Antivirus for MacOS/Windows is a solid option that comes up on Slickdeals on sale sometimes. If you browse a lot of questionable areas of the internet, a VPN from Mullvad or similar can hide your original IP. It all depends what you need.

Third, verify your local WiFi router is up to date if it isn't provided by the cable/phone company built in as part of the modem. Check to ensure all WiFi connected devices are still getting updates like your AppleTV or similar. Consider removing the Smart TVs from your network and use streaming boxes like AppleTVs instead due to security.

Security is a lot more than just one app on one computer. You can use ESET plus other malware prevention and a lot more, but it won't make much difference if you don't trust the network. That is why you can use a VPN, verify your network router, and similar.
Click to expand...

I still use my Apple router; unfortunately, there haven't been any software/firmware updates for it in YEARS. It sits behind the router provided by the cable company (my roomie uses that to connect while I use the Apple router), so I assume the cable company's router does get OTA updates.
 
T

tywebb13

macrumors 68040
Apr 21, 2012
3,074
1,738
Makisupa Policeman said:
I stand corrected 😎
Click to expand...
Although Makisupa Policeman was wrong about the point releases stopping now, it was correct to say that Big Sur will probably receive security updates after the point releases stop whenever that may be.

The build is up to 20G912 now with the RC2 version of 11.7.1.

So when the 11.7.1 is released the build should either be 20G912 or slightly higher.

Even after the point releases stop, when the security updates come the build will continue to increase.

In light of all this, I would say no. Big Sur is not dead.
 
Last edited:
  • Like
Reactions: Glideslope and Makisupa Policeman
Jack Neill

Jack Neill

macrumors 68020
Sep 13, 2015
2,272
2,308
San Antonio Texas
camelia said:
I don't have the time to learn how to patch my Mac using OpenCore legacy Patcher's at this moment.
Click to expand...
Its way easier than you think. the GUI version of OCLP is super simple and anyone could use it. I have 12.6 running great with SIP enabled on a 2013 iMac and its just like its native.
 
cusp2011

cusp2011

macrumors newbie
Dec 5, 2008
4
2
Some good news!
I lost the right channel from the headphone jack on my 2015 MacBook Retina awhile back and it was a drag since I'm using that machine as a jukebox hooked into my stereo receiver. I was stuck with using the spotty Bluetooth as a workaround. But, with the upgrade to Big Sur 11.7.1 the right channel is back and both speakers are now pumping out Mahler's Symphony #1 in flac from the headphone jack!
 
  • Like
Reactions: Jack Neill and mindquest
Madhatter32

Madhatter32

macrumors 65816
Apr 17, 2020
1,469
2,934
hanser said:
With the recent release of 11.7.3 Apple seems to stop cutting of older systems from updates after 3 years. Nice.
Click to expand...
I don't think there was ever a three year support model. It is the three most current operating systems -- so Ventura, Monterey, Big Sur -- remain supported with the most current OS getting the most support. Once the next OS is released after Ventura, Big Sur will likely no longer be supported.
 
H

hanser

macrumors 6502
Aug 29, 2013
373
325
You are correct, I was mixing up the versions. Big Sur should regularly get support until autumn 2023
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom