macOS 11.6 Big Sur, iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and Security Update 2021-005 Catalina Fix Security Flaws

asking for a friend (and please don’t laugh), does this mean that anyone with an older operating system than Catalina is vulnerable to the Pegasus virus?

This is my question as well.

There are two possibilities:

  • The older operating systems are not vulnerable. Apple would have released a version for Mojave at least, since it’s still doing security updates that far back. And the company has released updates to iOS 12 for the same reason.

  • The updates for older operating systems may still be coming. It seems that Apple just learned about this zero-day, zero-click exploit and has been working around the clock to fix it. The current operating systems are by far the most important, so it’s possible we’ll see security updates for at least Mojave and iOS 12 in the next few days.

Never mind, I got macOS 11.6 installed this morning. I should have guessed that everyone, their mothers, and other sentient beings were all trying to download at once.

1 Like

It’s a complete guess, but I would think that Apple would say the older operating systems are not vulnerable if that were the case.

Still a complete guess, but this seems more likely to me.

Yes, it appears that there are slightly different build numbers depending on what machine and OS you’re on. But I guess the real point is to trust Apple for this sort of update. Even though it looks like you’re updating 14.1.2 to 14.1.2, if software update says there’s a difference, assume there’s a difference.

That’s my guess as well, based on past security updates, where the Mojave (and earlier in cases there were ones for versions earlier than Mojave) update showed up a few days after the Catalina/Big Sur updates. It is a guess, but it would match what Apple has done in the past.

I’ll go ahead and update, and I guess see if more appears in the next few days. Thanks!

Updated devises. My iPhone 12 always defaults
“Do not disturb” no matter what I do.

My series 6 watch now displays a watch face that I have never set. When I set the watch face I have when the watch goes to sleep it again changes back to new default.

Any one have a suggestion to correct?

With most Security Updates there are examples of older OS versions being left out and I don’t remember a single instance of Apple telling us whether it was because they were not vulnerable or just being ignored. In a few instances, an independent person will post that they have determined that an older OS is or is not vulnerable, but never Apple.

1 Like

Agreed. I’m sure Apple doesn’t do this for security reasons. If they are ignoring the problem, they don’t want to alert the bad guys to that fact. And Apple never says anything about obsolete operating systems other than in support documents that become necessary for some reason.

Thanks for the correction. I’ll expect no comment.

1 Like

My practice for many years is to pin several apps to specific desktops on my Macs. In particular, I pin Apple Mail to Desktop 1 and Safari and Twitterific to Desktop 2. I leave Desktop 3 as a bland slate and pin Music to Desktop 4. I also keep a few blank desktops after Desktop 4.

MacOS 11.6 moved Apple Mail to Desktop 3 on my MacBook but left it in place on my iMac. Of course, it was easy to fix in Mission Control, but somewhat mystifying.

I found this article to be interesting. It explains why it took so long for Apple to fix the Pegasus back by NSO.

Apple don’t have direct access to iMessages. They are truly encrypted from end to end. Thus, unless NSO attacked Tim Cook’s iPhone, they didn’t know the way the hack worked.

This timeline provides how quickly Apple turned this around.

  • March 2021: Citizen Lab examined an iPhone of a Saudi activist who thought they were hacked by NSO. Citizen Lab was able to obtain an iTunes backup of the iPhone.
  • September 7, 2021: Citizen Lab turned over the artifacts to Apple with their notes.
  • September 13, 2021: Apple issues patch.

The article is here.