Apple recently released a new version of its Mac operating system, macOS Sierra (version 10.12).
With the release of Sierra, Apple decided to drop support for some Mac models that were supported by several previous releases of the Mac operating system. In other words, just because your Mac was compatible with El Capitan (OS X 10.11), Yosemite (10.10), Mavericks (10.9), or Mountain Lion (10.8) may not necessarily mean that you’ll be able to upgrade to Sierra.
Some Mac models, such as 2007 and 2008 iMacs, are being left behind with El Capitan as their maximum OS version.
Certain older Mac models are still limited to Lion (10.7), which has not been getting security patches since Yosemite was released two years ago. Some early Intel Macs released in 2006 are stuck with Snow Leopard (10.6), which hasn’t received security updates since the release of Mavericks three years ago.
Old Operating System = A Bad Thing
Being stuck on an old version of macOS is not something you can safely ignore.
For one thing, running an old operating system means you won’t receive critical security updates from Apple.
Moreover, many third parties have stopped releasing software updates compatible with older operating systems. For example, the latest versions of Chrome and Firefox won’t run on anything older than Mavericks. For now, Flash and Java also officially support Mavericks and later.
Browsers and plugins are commonly exploited as a means of infecting computers, so it’s critical that these programs—along with the operating systems that run them—stay up to date.
The only security-related update that Apple is continuing to release for Snow Leopard through Mavericks is the XProtect “[un]Safe Downloads List,” which blocks a handful of malicious downloads (although signatures are often added too late to be of much use) and prevents Flash and Java content from running in your browser—if your plug-ins are too outdated and likely to be exploited.
It’s important to note that XProtect updates, while better than nothing, are by themselves insufficient to adequately protect your Mac. Keeping up with the latest macOS updates and using third-party antivirus and security software (might we recommend some?) are important factors in keeping your Mac protected.
Apple does not make any public statements concerning how long it will continue to release XProtect updates, let alone security patches, for any particular Apple software or operating system.
While Microsoft publicly announces its support timetables for Windows and other software, and the Ubuntu Linux company Canonical does likewise, Apple has never given any official notice regarding how long each version of macOS or iOS will continue to receive security updates. Apple has not previously responded to press inquiries about this subject.
What About My Mac?
The good news is that most new Macs sold within the past several years can be upgraded to Sierra.
Following is the list of Macs that can run Sierra, the current and best-supported version of macOS. If your Mac is older than the ones listed directly below, read on for suggestions about what you can do to upgrade to an operating system that’s still getting security patches.
Sierra Capable Macs
macOS Sierra requires one of the following Macs with at least 2 GB of RAM, 8.8 GB of available storage space, and at least OS X Lion:
- iMac (Late 2009 or newer)
- MacBook (Late 2009 or newer)
- MacBook Air (Late 2010 or newer)
- MacBook Pro (Mid 2010 or newer)
- Mac mini (Mid 2010 or newer)
- Mac Pro (Mid 2010 or newer)
If you have a compatible Mac with a version of OS X that predates Lion (for example, Snow Leopard), you will need to download Sierra on another compatible Mac with Lion or later, create a bootable Sierra flash drive or external hard drive (using Apple’s official instructions or the third-party tool DiskMaker X), and do a clean install overwriting the hard drive on your Mac—so be sure to carefully back up all of your files first.
An alternative solution for upgrading a compatible Mac from Snow Leopard to Sierra is to first upgrade to your choice of Lion through El Capitan (if you happen to have a bootable installer from one of those versions of macOS handy, or if you’re able to download one from the Purchased section of the App Store and use DiskMaker X to create a bootable installer), and then do a second upgrade from that macOS version to Sierra. Taking this upgrade path will allow you to preserve your hard drive’s contents.
Before you upgrade, be sure to read our How to Prepare Your Mac for macOS Sierra article for additional advice.
El Capitan Capable Macs
If your Mac can’t run Sierra, there’s still a decent chance that it can run the previous version of macOS, El Capitan, which may continue to receive security updates from Apple for another year or two. El Capitan requires one of the following Macs with at least 2 GB of RAM, 8 GB of available hard drive space, and at least Mac OS X Snow Leopard (version 10.6.8):
- iMac (Mid 2007 or Early 2008)
- MacBook (Late 2008 Aluminum, Early 2009, or Mid 2009)
- MacBook Air (Late 2008 or Mid 2009)
- MacBook Pro (Mid/Late 2007, Early/Late 2008, or Early/Mid 2009)
- Mac mini (Early/Late 2009)
- Mac Pro (Early 2008/2009)
- Xserve (Early 2009)
If your Mac is currently running Mountain Lion, Mavericks, or Yosemite, then it definitely meets the minimum system requirements for running El Capitan (and it might even be Sierra-capable; refer to the previous section).
If El Capitan is the newest version of OS X that will run on your Mac, but you never downloaded it while it was available in the Mac App Store, you won’t be able to find it in the App Store anymore. You may, however, still be able to obtain it by calling 1-800-MY-APPLE; in the past, Apple would send a special code via e-mail that would enable older OS versions to be downloaded from the Mac App Store. You could also try taking your Mac to an Apple Store and ask a Genius for help upgrading to El Capitan.
Macs That Can’t Run Sierra or El Capitan
If your Mac isn’t new enough to run Sierra or even El Capitan, then, unfortunately, it will no longer receive much support from Apple.
Sadly, Apple doesn’t give users any direct warning when their operating system or Mac is no longer supported. Worse, when users check the App Store for updates (or on older Macs when users run Software Update), it misleadingly tells them, “No Updates Available” or “Your software is up to date.” This means that Mac users often have no idea that they’re using unpatched, insecure software that could expose them to drive-by malware installations and other security problems.
“Your software is up to date.” …Except it isn’t.
Lest you think that nobody would bother releasing malware to attack such old systems, in recent years malware has been found in the wild that was designed to attack multiple platforms, and occasionally this malware has contained code capable of infecting old operating systems and even Macs with PowerPC G4/G5 processors (Apple’s processors of choice prior to transitioning to Intel in 2006). This didn’t just happen once; it has happened again and again.
Universal binary malware can run on old Macs, too. (Image credit: Kaspersky)
While Apple boasts about the extremely high percentage of iPhone, iPad, and iPod touch devices that are rapidly upgraded to each major new version of iOS, such is not necessarily the case with Macs and OS X.
Based on the newly released Net Applications data for November 2016, it appears that Sierra has been installed on nearly one third of the Macs that were used for Web browsing last month. Meanwhile, El Capitan, which has been out for over a year and is still being supported, is currently tied with Sierra at one third of the Mac market share, and Yosemite is in third place at just over one-fifth of the active installed base.
All older versions of OS X, though, together comprise more than 14.1% of the Internet-using Mac installed base.
In other words, about 1 in every 7 Macs in use today is no longer getting security updates. This makes non-upgraded or non-upgradeable Macs a potentially significant target (roughly 20 to 30 million computers) for criminals interested in infecting a large quantity of devices.*
Anyone still using a Mac that cannot be upgraded to Sierra, or at least El Capitan, should strongly consider buying new hardware if they can afford it.
What can you do if Sierra is not supported on your Mac and you can’t afford to buy a new computer?
If you have an older Intel Mac, you have several options.
One solution is to set up Boot Camp and install Windows to use as your Mac’s primary operating system. While Apple may not support your Mac anymore, ironically, Microsoft does; Windows 10 still supports systems with 1 GHz processors, 1 or 2 GB of RAM, and 20 GB of available hard drive space.
Alternatively, if you can’t afford to buy a copy of Windows or just can’t stand the thought of running Windows on your Mac, or if you prefer free/libre and open-source software, there are guides online detailing how to install Ubuntu Linux on a Mac.
There are even versions of Ubuntu that are still being made available for PowerPC-based Macs with a G3, G4, or G5 processor. (At the time of this writing, 16.04.1 is the current LTS or “long-term support” version, meaning that it will be supported until 5 years from its original April 2016 release.)
If you can’t afford to buy a brand new Mac, but you do have a little bit of money to spend, you can shop around for used Macs. Just make sure you buy one that’s new enough to support Sierra, so it will hopefully be able to get security updates for a few years.
If you know a Mac user who’s still running an older version of OS X, do them a favor and check to see whether their Mac is capable of running macOS Sierra. If so, help them upgrade. If not, let them know it’s time to strongly consider getting a newer computer.
Of course, informing users about software and hardware that will no longer receive security updates should be primarily Apple’s responsibility—not merely that of security researchers, security blogs, or blog readers. Let’s hope that Apple eventually figures this out and starts giving users advanced warning and clearer notifications when they need to upgrade lest they put their digital safety at risk.
*My estimate of roughly 20 to 30 million Macs constituting 1/7th of the current installed base (which I’m estimating at roughly 150 to 200 million) is based on Paul Thurrott’s interpretation of Apple’s claim of 1 billion active devices in January 2016. As an aside, 1 in 7 Macs is a slight percentage decrease as compared with January 2015 when I last brought this up; at that time 1 in 5 Macs were no longer getting security updates. The decreased percentage of unpatched or unpatchable Macs since then is likely due in part to fewer old Macs still being in use almost two years later, and many new Macs being sold in the mean time.
How can I learn more?
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.
You can also subscribe to our e-mail newsletter and keep an eye here on Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Facebook, Instagram, Twitter, and YouTube.