There’s bad news for Mac users who aren’t planning (or aren’t able) to update their copies of OS X to 10.10.3.
You are at risk from a serious security bug, that could be exploited by malicious hackers to crowbar open a backdoor into your computer.
And that means that criminals could take complete control of your iMac or MacBook, stealing information, planting malware, and spying on your activities.
The security flaw is one that we have discussed on the Mac Security blog before: the so-called “Rootpipe” privilege escalation bug (CVE-2015-1130).
The good news is that Apple patched the vulnerability in its code in last week’s OS X 10.10.3 update.
But there is bad news, too.
Apple’s engineers in Cupertino, it appears, have decided that backporting the bug fix into older versions of OS X is too much like hard work.
“Apple indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older.”
The problem is, of course, that if Apple itself can’t fix its legacy code because it’s too tricky, there’s little chance that anyone else will. In short, earlier versions of OS X aren’t going to get fixed.
Which means that if you are unable to upgrade the version of OS X on your computer, you have been left—somewhat precariously—in the lurch.
Some reports claim that over 50% of Mac users are already using OS X Yosemite, which is encouraging—but that still means that approximately half of all Macs out there are running a vulnerable version of the operating system, which could potentially be exploited by hackers.
In the opinion of security researcher Emil Kvarnhammar, there is only one good piece of advice that can be offered to vulnerable Mac users:
“Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. We recommend that all users upgrade to 10.10.3.”
I would certainly agree with that. If there is any way that you can update your Macs to 10.10.3, do so now, because Kvarnhammar says that he will be fully disclosing all details of the Rootpipe vulnerability at the end of May at a Swedish security conference.
In short, the clock is ticking for users of older versions of OS X, and it wouldn’t be at all surprising to see hackers attempt to exploit the flaw.
Against that backdrop, it does seem reasonable to ask the following question: Should Apple have tried harder to protect users of older versions of OS X?
Or is it acceptable for Apple to only support those who are using the latest-and-greatest version, and thumb their noses at those who can’t (or won’t) upgrade to Yosemite?
What do you think? Leave a comment with your point of view below.