Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

Twice now, Apple has bypassed Snow Leopard when it patched newer editions

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

As Apple issued an update for Mavericks, or OS X 10.9, as well as for its two predecessors, Mountain Lion (10.8) and Lion (10.7), Apple had nothing for Snow Leopard or its owners yesterday.

Snow Leopard was also ignored in December, when Apple patched Safari 6 and 7 for newer editions of OS X, but did not update Safari 5.1.10, the most-current Apple browser for the OS.

Apple delivered the final security update for Snow Leopard in September 2013.

Traditionally, Apple has patched only the OS X editions designated as "n" and "n-1" -- where "n" is the newest -- and discarded support for "n-2" either before the launch of "n" or immediately after. Under that plan, Snow Leopard was "n-2" when Mountain Lion shipped in mid-2012, and by rights should have been retired around then.

But it wasn't. Instead, Apple continued to ship security updates for Snow Leopard, and with Tuesday's patches of Mountain Lion and Lion, it now seems plain that Apple has shifted to supporting "n-2" as well as "n" and "n-1."

(In that scenario, Mavericks is now "n," Mountain Lion is "n-1" and Lion is "n-2.")

The change was probably due to Apple's accelerated development and release schedule for OS X, which now promises annual upgrades. The shorter span between editions meant that unless Apple extended its support lifecycle, Lion would have fallen off the list about two years after its July 2011 launch.

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support.

"Let's face it, Apple doesn't go out of their way to ensure users are aware when products are going end of life," said Andrew Storms, director of DevOps at security company CloudPassage, in a December interview.

To Apple, Snow Leopard increasingly looks like Windows XP does to Microsoft: an operating system that refuses to roll over and die. At the end of January, 19% of all Macs were running Snow Leopard, slightly more, in fact, than ran its successor, Lion, which accounted for 16%, and almost as much as Mountain Lion, whose user share plummeted once Mavericks arrived, according to Web analytics firm Net Applications.

With Snow Leopard's retirement, 1 in 5 Macs are running an operating system that could be compromised because of unpatched vulnerabilities.

Snow Leopard users have given many reasons for hanging on, including some identical to those expressed by Windows XP customers: The OS still works fine for them; their Macs, while old, show no sign of quitting; and they dislike the path that Apple's taken with OS X's user interface (UI).

Also in play is the fact that Snow Leopard was the last version of OS X able to run applications designed for the PowerPC processor, the Apple/IBM/Motorola-crafted CPU used by Apple before it switched to Intel in 2006. Snow Leopard, while requiring a Mac with an Intel processor, was the latest edition able to run the Rosetta translation utility, and thus launch PowerPC software.

The one comfort in Tuesday's updates was that it looked like Apple will continue to support Lion and Mountain Lion a while longer, even though it has offered those users a free upgrade to Mavericks. Yesterday's security updates patched 21 vulnerabilities in Lion, 26 in Mountain Lion.

In December, Storms bet that Lion and Mountain Lion had been retired when Apple did not issue security updates for those two editions, even as it fixed a handful of flaws in Mavericks. But he gave himself an out at the time, noting that Apple's silence -- it has long declined to comment on almost any question related to security -- on those editions may be temporary.

For parts of Apple's customer base, the free-OS X strategy seems to be working: By Net Applications' tally, Mavericks accounted for 42% of all versions of OS X used in January. Mavericks' continued gains, however, have come mostly at the expense of Mountain Lion -- which lost 6 percentage points in the last two months -- and Lion, which dropped by 2 points in the same period. Yet Snow Leopard has been largely unaffected. Since October, when Mavericks appeared, OS X 10.6 has dropped less each month than either its 6- or 12-month average.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His email address is

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
