Apple’s iOS 11.4 security update arrives in an iCloud of silence

Apple has released iOS 11.4, presumably with the new 7-day USB shutout feature we wrote about recently.

If the word “presumably” above sound vague, it is, because this particular update didn’t arrive with its usual documentary certainty.

Regular readers will know I’m a proponent of prompt security updates, and that I like to say, “Patch early, patch often,” yet this time I wasn’t first out of the blocks – I found out about the new iOS almost by accident.

That’s because I made a routine visit to SettingsGeneralSoftware Update on my iPhone yesterday, without any notifications from Apple to clue me in.

(Whichever device, operating system or apps you use, and no matter how aggressively and automatically you’ve configured your patching process, it’s worth doing a manual cross-check every so often – just in case you’re out of date but didn’t know it.)

Anyway, there it was: iOS 11.4, ready to install.

Given my public “patch early” proselytising, I could hardly say, “No.”

So I grabbed it and rebooted – all went fine, I am pleased to say, and the installation process felt a lot faster than usual, so I’m as up to date and as well-patched as the fastest and the best Apple fanbuoy amongst us.

However, everything about the security part of iOS 11.4 is still a mystery, to me at least.

I’m signed up to Apple’s security advisory emails, have been for years, and I’ve generally found them timely enough to prod me into being amongst the very first to update, on both my Mac and my iPhone.

This time, nothing.

I jumped to the conclusion that I’d been thrown off the list as an understandable but regrettable side-effect of all the GDPR panic out there.

But signing up again simply provoked an email confirming that I was already on the list, and not to worry.

A trip to Apple’s handy security updates landing page, HT201222, didn’t help much, either.

Presumably there are security fixes in the iOS 11.4 build – not only does it beggar belief that nothing would have come up and been sorted since last time, but also Apple is explictly listing the new version under the heading “security updates”.

More than years ago, we urged Apple as follows:

If anyone at Apple is reading this, please beg your product managers to reorganise their update workflow so that the security notifications go live at the same time as, or before, the actual updates are published. After all, you invite your users to visit [HT201222] from the start; I suggest that it’ll be much easier to persuade people to be early adopters if you have all your informational ducks in a row from the start.

After that, things got much better, with Apple typically getting its security advisories out at the same time as its patches – a vital practice in my opinion, especially given that Apple’s official policy is not to say anything at all about security issue, not a thing, until the patches are ready.

What to do?

Should you update if your phone hasn’t updated itself already?

I’m still saying, “Yes,” but from the tricky position of not having an explictly compelling reason this time other than habit. (Go to SettingsGeneralSoftware Update.)

Should you ask Apple to revisit that security advisory workflow once again, as we did back in 2013?

Why not?