As an Apple admin, one of your responsibilities is to secure company data on your users’ Apple devices. Luckily, those devices are inherently secure, which makes your job easier. But as with any operating system or other software, vulnerabilities are occasionally discovered.
Apple is excellent about releasing operating system updates. While these updates can bring new and exciting features, they also bring fixes for those newly discovered vulnerabilities. So installing the latest version of the operating system is a good security practice.
Apple's Operating System Support
Fortunately, upgrading the OS on a managed device is typically simple: You can use the built-in software update mechanism or use your MDM solution to trigger it.
But occasionally you’ll run into issues that prevent you from keeping the operating systems on all the devices in your fleet updated. For example, you might have old Mac hardware that the latest OS doesn’t support. Or maybe you have a mission-critical application that isn’t compatible with the new OS.
If you’re unsure whether or not the latest OS will run on your hardware, the best reference is on Apple’s website. There you’ll find compatibility information for iOS, iPadOS, and macOS.
On those pages, for example, you can learn that macOS Big Sur is compatible with Mac computers all the way back to the 2013 MacBook Pro. iOS 14 is compatible with iPhone devices going back to the 6S, which was released in 2014. In other words, Apple’s latest operating systems are compatible with Mac computers that are eight years old and iPhone devices that are seven—pretty impressive when you consider how quickly and extensively Apple hardware evolves.
Security Updates for Older Devices
If you’re coming from a Windows admin world, you might be familiar with Microsoft’s lifecycle FAQ, which provides specifics on how long Microsoft will support its operating systems. While Apple doesn’t spell out how long it will officially support a given OS that explicitly, you can draw some conclusions based on history.
That history is easily seen on Apple’s security updates webpage. For example, scroll back to July 21, 2021 and you’ll see that Apple updated both macOS 11.5 and 11.5.1. On the same day, you will see that the company released security updates for macOS Mojave and macOS Catalina. But there were no updates for prior operating systems listed.
Now scroll down to September 20, 2020—before Big Sur was released, when Catalina was still the latest and greatest OS for Mac. You will see that Apple released macOS Catalina 10.15.7 that day, along with security updates for Mojave and High Sierra.
If you do the math, you can see Apple typically supports the latest OS version and two releases before that—in other words, N minus 2. That could always change, but that’s been the historical trend.
Apple likely has a variety of reasons for not supporting operating systems indefinitely. But the most obvious one is that maintaining software takes time and resources. Maintaining old software becomes burdensome because of changes in technology, codebase, and more. The payoff for doing so diminishes as users upgrade from those older versions. Those same resources can be better utilized building new features and implementing bug fixes for current and future product versions.
Is It Time to Upgrade?
At Kandji, we are following Apple’s lead in keeping customers safe with the latest software and operating systems. When macOS Monterey is released this fall, Kandji will support it as well as iOS and iPadOS 15. We will also support Apple operating systems going back to macOS Catalina 10.14 and iOS 13. At the same time, we will be deprecating support for macOS 10.13 and iOS 12.
If you have Apple devices running older operating systems, we recommend upgrading them to reduce the risk of security vulnerabilities on your fleet and to ensure they continue to work with Kandji. And if you want to take the plunge with macOS Monterey when it’s released, start testing today. Check out our previous blog posts to learn more.