82% of enterprise Mac users not getting security updates

Apple109-250Last week I saw a post by Computerworld journalist Gregg Keizer about the fragmentation of OS X versions and how it flew in the face of Apple’s plans to unite users onto OS X Mavericks.

I have worked with Gregg for years and immediately began to think of the security implications.

Paul Ducklin wrote of the security fixes included in Mavericks, but strangely it appeared that Apple had not released similar fixes for OS X 10.6, 10.7 and 10.8.

The Net Applications data Gregg quoted was interesting, but I thought I would look into how Sophos customers have approached Mavericks.

Enterprise IT departments are often far more hesitant to deploy new operating system versions quickly and this time it might come along with some rather risky security consequences.


As you can see in the charts, 55% of Sophos Anti-Virus for Mac Home Edition (Free!) users have upgraded to OS X Mavericks, whereas only 18% of enterprise users have jumped on board.

After only 77 days these numbers reflect one of the highest adoption rates of a new OS I have seen. Unfortunately, that may not be good enough.

Without saying it in so many words, or any words for that matter, Apple appears to have stopped releasing security updates for OS X 10.6.8, 10.7.5 and 10.8.5.

It is a nice gesture that OS X 10.9 Mavericks is a free upgrade, but not everyone can upgrade. OS X 10.8 Mountain Lion has only been available for 15 months and is apparently already orphaned.

Microsoft has been taking heat for discontinuing Windows XP after supporting it for more than 12 years. I think Apple might be able to do a little better than 15 months.

If you are an Apple user, please update to OS X Mavericks or if you can’t, perhaps install Windows 7 or Linux.

If you must run an older version of OS X, you may want to follow the advice Duck and I had in a recent Techknow for Windows XP users to minimize the risk of compromise.

(Audio player above not working for you? Download to listen offline, or listen on Soundcloud.)

Apple is famous for the secrecy around its product and service launches. It’s unfortunate it has decided that the safety of Mac users should also require reading tea leaves.