It seems like Apple releases updates to iOS, macOS, watchOS, and tvOS nearly every week these days. It has been only a few months since iOS 11 and macOS 10.13 High Sierra launched, and we’ve already seen ten updates to iOS and seven updates to macOS. Some of these have been to fix bugs, which is great, but quite a few have been prompted by the need for Apple to address security vulnerabilities.
Have you installed all these updates, or have you been procrastinating, tapping that Later link on the iPhone and rejecting your Mac’s notifications? I’m not criticizing—all too often those prompts come at inconvenient times, although iOS has gotten better about installing during the night, as long as you plug in your iPhone or iPad.
I know, security is dull. Or rather, security is dull as long as it’s present. Things get exciting—and not in a good way—when serious vulnerabilities come to light. That’s what happened in November 2017, when it was reported that anyone could gain admin access to any Mac running High Sierra by typing root for the username and leaving the password field blank. That one was so bad that within hours Apple pushed Security Update 2017-001 to every affected Mac and rolled the fix into macOS 10.13.2.
Part of the problem with security vulnerabilities is that they can be astonishingly complex. You may have heard about the Meltdown and Spectre hardware vulnerabilities discovered in January 2018. They affect nearly all modern computers, regardless of operating system, because they take advantage of a design flaw in the microprocessors. Unfortunately, the bad guys—organized crime, government intelligence agencies, and the like—have the resources to understand and exploit these flaws.
But here’s the thing. Security is an arms race, with attackers trying to take advantage of vulnerabilities and operating system companies like Apple, Microsoft, and Google proactively working to block them with updates. If enough people install those updates quickly enough, the attackers will move on to the next vulnerability.
The moral of the story? Always install those minor updates. It’s not just because you may be targeted if you fail to stay up to date, but because if the Apple community as a whole ceases to be vigilant about upgrading, the bad guys on the Internet will start to see macOS and iOS as low-hanging fruit. As long as most people update relatively quickly, it’s not worthwhile for attackers to put a lot of resources into messing with Macs, iPhones, and iPads.
That said, before you install those updates, make sure to update your backups. It’s unusual for anything significant to go wrong during these smaller patch updates, but having a fresh backup ensures that if anything does go amiss, you can easily get back to where you were before.