Question

Mountain Lion - No More Security Updates???

  • October 24, 2013
  • 45 replies
  • 120 views


I apologize if this topic has already come up, I didn't see it.

So, Apple hasn't released any security updates for Mountain Lion (or earlier OSes) along with the release of Mavericks. I sent an email to my Apple Systems Engineer and he could not confirm or deny if they would release one (mostly as he doesn't know).

I don't know about the rest of you, but this puts me (and my company) in a bad position. We cannot turn around an OS update for our Mac users as fast as we would like. We have application dependencies that need to be vetted. We need to set up our ability to image, netboot and do many things to make sure we can manage Mavericks.

I think it is unacceptable that Apple didn't give us a clear heads up that this was coming. It is irresponsible of Apple to release an OS without a security patch for the previous OS (esp when you include a notice of what has been patched); thereby giving hackers all the information they need to exploit the last version of your OS.

So what is my point? If you're in the same situation as me, I suggest you contact your Apple Reps (or send an email to Tim Cook) to vent your frustration with this move. While I understand their need to move users forward to the latest OS, they have infuriated the very people (at least this one) at enterprises that they need on their side.

45 replies

stevewood
  • Hall of Fame
  • October 24, 2013

There's nothing new in the way Apple released this OS update. They've done the same thing for every version of OS X that they've released. They release a new version of the OS and typically continue to support/patch 2 versions back. While they did not release a security update this week, that's not to say they do not have one already in the pipeline.

I would imagine we will not see another point release of Mountain Lion, but we will continue to see security patches for Mountain Lion until 10.11 is released. That's my opinion and in no way reflects any insider knowledge I have, other than the years of experience I have supporting Apple in the enterprise.

Apple has never released a "clear" road map for hardware or software. You could argue that their beta builds that are released to the developers could constitute a road map of sorts. I know that other vendors do release road maps, and that allows the enterprise players to prepare for what's coming, but Apple is NOT an enterprise company. There was a comment in one of the JNUC sessions last week about Apple and the enterprise, and I cannot remember it, but it was a good description of what Apple is to the enterprise. Hopefully someone else was in that session and remembers.

Anyway, I applaud your desire to write to Tim Cook and to Apple to let them know your feelings, but I have a feeling it will not sway the way they do business one bit.


scottb
  • Valued Contributor
  • October 24, 2013

Mt Lion was just updated to 10.8.5 and Apple is still releasing security updates for 10.6.8. A security update was released for Lion in September. Apple typically does not stop security-based updates for some time. Rather than getting heated about something that hasn't happened, look at the past actions of Apple.
Apple is well-known for not putting out roadmaps, but over time you learn how they work.
Not sure what's so infuriating about this release. Nothing new - we all have the same challenges. And at least now we don't have to manage licenses for OS upgrades. That's a huge plus when it does come time to rollout.


scottb
  • Valued Contributor
  • October 24, 2013

@stevewood. That's just scary… :)


  • Hall of Fame
  • October 24, 2013

I don't know the comment in question, but Andy Ihnatko summed it up perfectly during his talk at MacTech 2011:

"Apple doesn't care about you."

This is not necessarily a bad thing. It just means that Apple is only taking their own concerns into account when they make decisions.


scottb
  • Valued Contributor
  • October 24, 2013

Well, no company "cares about us". Apple just has their own way, and over time, most have figured out how it works. Join the dev team and you can get seeds to test and be slightly more aware of the releases upcoming, as well as having the software to test/vet.
I know the Wintel guys go through the same crap, but they do get a better roadmap from MS. But what good is a map that leads you off of a cliff? :)


  • Author
  • Contributor
  • October 24, 2013

Every major OS release (10.8, 10.7 etc) included a Security Patch the same day. Previous to 10.8, Apple had only patched the previous OS (with 10.8 it is true they did patch back to 10.6). You can read up on the history and theory of what is going on here...

http://www.zdnet.com/os-x-mountain-lion-users-no-more-security-updates-7000022322/

This all explains why Mavericks is free to every OS back to 10.6 and all hardware that can run. 10.9 is the security patch.

I fully understand that Apple doesn't give roadmaps; I know this. I've been doing this long enough (10 years) to know that. But I do believe they care about marketshare, and the enterprise can have a big effect on this. Regardless, they are leaving all of us in a bad place.

And rtrouton, you're right, 'they don't care about us'. I've said this long before Mr. Ihnatko.

Trust me when I tell all of you; I hope I am wrong, wrong, wrong! I just don't think I am.


scottb
  • Valued Contributor
  • October 24, 2013

Well, at some point it becomes expensive and time-consuming to support years-old OS's. I can barely remember how to support 10.6 even though I spent countless hours on it with clients. It seems smart to reasonably push people to move forward. We're talking support now for four OS versions. Dunno. If the sky falls I'll worry about it then. Of course it doesn't hurt to email your Apple reps or just Apple. They do on occasion listen.


  • Author
  • Contributor
  • October 24, 2013

To boettchs point about the Developer program...
Being part of Apple's dev program only saves me a couple weeks of development really. Ultimately I'm at the mercy of software companies and their compatibility with Mavericks. And when you talk about systems with backend servers and clients in a large enterprise, you can be talking months until we're ready to move....


mm2270
  • Legendary Contributor
  • October 24, 2013

It is stupid that they aren't releasing security updates for older OSes from here on out. I can understand them dropping say, 10.6 and even 10.7 support, but to drop security updates for the OS that up until just a couple of days ago was the latest public release seems crazy to me. I'd be happy if they kept up security updates for 1 release back. So, as long as 10.9.x is the latest, continue to support 10.8. Even if that required that the Macs be running 10.8.5 it would be acceptable. Once the next major release is out, drop support for 10.8 and keep up updates for 10.9, that sort of thing.
Dropping all security updates for the last version immediately after a new release though really isn't acceptable.


  • Valued Contributor
  • October 24, 2013

I am with Apple on this one, shockingly. I would much rather have a good standpoint to tell my users, sorry, I cannot support that 10.6 any longer. Of course I have stupid license servers running on 10.6 servers in some locations because the vendor cannot update their license server, and really at this point I am running those Xserves in the condition they are in until they die, but that is what virtual machines are for.


  • Valued Contributor
  • October 24, 2013

10.8.5 came out just a few weeks ago, why do you want another update already? Is it necessary? Is there a known bug in 10.8 that needs addressed?
And let's see, this is year 3 of yearly OS updates. Plan for it; it's an agile world you live in when dealing with Apple. If you can roll with Apple you can make your Windows team look like slugheads because they are still supporting an OS from the previous century :)


mm2270
  • Legendary Contributor
  • October 24, 2013

"is there a known bug in 10.8 that needs addressed?"

Actually, yes. If you look at the article, Apple announced that vulnerabilities that exist in 10.8 were patched in 10.9, but no forthcoming patch for 10.8 to fix those same issues has been released, and may never be, although it's impossible to know for sure given their secrecy. This is at the core of the issue. Now that these vulns have been disclosed it means attack mechanisms to exploit them by ne'er-do-wells can be crafted a bit more easily. See the issue here?
Seriously, people need to stop being so naive, Apple did not make Mavericks free out of the goodness of their hearts. They are a company and this was a calculated move on multiple levels. Mavericks was made free to ease the $$ burden of forcing all Mac users to upgrade to it to continue to receive security patches.


  • Author
  • Contributor
  • October 24, 2013

nessts...
OK, just to clarify. There is a difference between a dot release (like 10.8.5) and a security update (i.e. Security Update 2013-004). I'm talking about the Security Updates. I fully understand there will be no 10.8.6. I'm also not advocating they support 10.6 or 10.7 with security updates either. I'm only talking about 10.8.

Your problem is now, 10.8.5 has KNOWN security vulnerabilities (that Apple disclosed with the release of 10.9) that will likely not be patched. So when all of our systems get compromised, will Apple care then? If I was a hacker, I would immediately begin writing exploits to attack Apple OSes prior to 10.9.


  • Author
  • Contributor
  • October 24, 2013

mm2270, you have it 100% right. Glad I'm not the only one getting this (assuming I'm right). I think our best course of action is to freak out on everyone we know at Apple. I'm not asking for the world. Just 1 security patch for one version of the OS, 10.8 (and subsequent ones when they disclose new vuls.)


donmontalvo
  • Hall of Fame
  • October 24, 2013

OH: "10.9 *is* the bug fix / security patch for 10.8".


mm2270
  • Legendary Contributor
  • October 24, 2013

@bcunning
We're in a similar situation in that we can't jump to 10.9 so quickly because we have 3rd party software dependencies, and we're waiting on these developers to release Mavericks-compatible updates. It's impossible to say how long we may need to wait. We're an enterprise company and I mean enterprise as in worldwide with customers in nearly every major country in the world, managing 6000+ Macs (and 10s of thousands of Windows PCs). As such, security is at the top of the list of priorities here and taken very seriously.
Moving to Mavericks will take us some time and thorough testing. Apple just doesn't get this stuff. They treat everyone as if their OS is being used on a home Mac, and that just isn't the case. To be very clear, I'm not trying to say that Apple needs to bend over backwards for big enterprises. In fact, I'm glad they don't do a 'Microsoft' and continue to support a decade plus old version of their OS. It's really better the way they do it, but I just think if it's true they've dropped security support for 10.8, it feels way too fast in my opinion. Even if they set a date when support would end, in say 4 or 6 months, that would be better. Give us some time to do this transition the right way, instead of creating a situation of scrambling to keep our systems safe from exploits.


  • Valued Contributor
  • October 24, 2013

But has anybody a statement from Apple that there are no more updates ever for 10.8 and lower? Or are we reacting to the supposition of a journalist that since an update was not released yesterday or the day before one is never coming? If we look at the guy's chart, he shows the first security update released after 10.8 became available as happening Sept. 2012 and if I remember correctly 10.8 was released July 2012. They did not release a security update on his list with the release of 10.8. Maybe we should have a little faith that as dumb as Apple can be about some things, they are not complete morons. I have sent a question to a technical rep; if I get an answer I will share.


  • Author
  • Contributor
  • October 24, 2013

Everyone ready to jump off a bridge yet ; )

Maybe the smaller companies out there don't care, and can move quickly. But us big ones can't.

Call Apple, I'm betting if enough of us complain, maybe just maybe, they will release a patch. I tried to explain to my rep that the iOS explosion in the enterprise is tenuous. I fully believe that IT management (not just my company, but any large enterprise) will look to move away from Apple once there is a competitive product that consumers accept (that isn't a security hole, I'm looking at you Android). This will be another reinforcement to IT management that 'Apple doesn't care about us'. I've accepted this, I've been at this long enough, but management, they are new to this approach.


  • Author
  • Contributor
  • October 24, 2013

@nessts
Yeah, I'm reading the tea leaves, but given past history and the free for all Mavericks, I don't think my conclusion is wrong. Apple isn't going to tell us anything, and I've asked. I've already been instructed by our security group to update my Macs to 10.9, via defense department standards that we follow. This is DOD's remediation for the vulnerabilities in 10.8.x.

A security patch (for at least the previous OS) has accompanied every major OS release and dot release the SAME DAY. We are now 2 days out since the release of 10.9 and no update.

This also follows iOS. Once they release an update, they don't patch the old OS. Apple is not going to confirm or deny.

I'll say it again; I hope I'm little boy blue screaming my head off over nothing. I just don't think this is the case.


  • Author
  • Contributor
  • October 24, 2013

@nessts
And I had this conclusion before I found the ZDnet article (yeah I know the source is not exactly the best). But the article just confirmed (somewhat) what I concluded based on the remediation course I had been given.


  • Author
  • Contributor
  • October 25, 2013

Has anyone heard anything from their Apple reps? They've gone silent, despite saying they would get back to me.

Further evidence there will be no security updates (barring exploitation of their old OSes), Apple's own security updates page (Note it says that 10.9 remediates issues from 10.6 on)....

http://support.apple.com/kb/HT1222


mm2270
  • Legendary Contributor
  • October 25, 2013

We contacted our reps yesterday. We were promised some information once they've had a chance to ask their higher ups. The general feeling was that they aren't really sure if support really is dropping for older OSes, although they are of course noting their history of support for previous OS versions as evidence to the contrary. Problem is that Mavericks has so far broken this trend which is what's so concerning.

If we hear anything I'll post what I can about it.


  • Valued Contributor
  • October 25, 2013

Never mind the fact that 10.6 just saw an update within the last month; let's all assume that 10.8 is officially dead now.

"You see, it would be this mat, that you would put on the floor, and it would have different conclusions written on it, that you could jump to!"


  • Valued Contributor
  • October 25, 2013

Apple has done some really goofy things but... This is one thing I do not see them doing. I can see dropping 10.6 but it would be absolutely crazy not to release security updates for 10.7 and 10.8 which still account for a very large population of Macs. Forget Enterprise for a second and just think of all the home users that would be affected by this. It would be an absolute field day for the malware and virus attackers.

I really believe they will be continuing the security updates. I do admit that this "OS X Mavericks v10.9 Mac OS X v10.6.8 and later 22 Oct 2013" does not look good. And the fact that they are breaking with the past is not good but I just can't see them doing this.

If they do, it will turn into a situation like how they did not give a crap that new hardware was not EPEAT certified.

They reversed pretty quick on that one. Let's hope it does not even get close to that point.


mm2270
  • Legendary Contributor
  • October 25, 2013

You may be right. We just received an email from our Apple reps with a quote from "someone" at Apple's software team that they will in fact continue to provide security support for older OSes. Whether this was the way it was to be all along or just a response based on voiced concerns I can't say, but it doesn't really matter. The "unofficial" word we got is that yes, they will continue to provide security support for pre-Mavericks OSes.

What was left unanswered was the "when." Still no similar patch for 10.8, 10.7 or 10.6, but it's only been a few days. Again, I don't even care if they only provided 10.8 support and dropped the other 2. Let's hope they release something soon.