
Some other things that devs should know about Sequoia:

- If you're sticking to Sonoma for stability, be aware Apple doesn't backport all security patches. Apple's release notes show 79 security issues fixed in Sequoia, and only 37 fixed in Sonoma 14.7. Maybe some vulns were only introduced in the Sequoia betas, but based on previous years, that's mostly not the case. Apple only keeps you safe on the latest version.

- macOS Sequoia, released days ago, still includes vulnerable years-old binaries like LibreSSL 3.3.6, curl 8.7.1, and python 3.9.6. https://www.intego.com/mac-security-blog/apple-still-leaving... (I've tested it's still true on the final 15.0)



> Apple's release notes show 79 security issues fixed in Sequoia, and only 37 fixed in Sonoma 14.7.

Not an Apple fan myself (don't touch the stuff at all) but my first thought there would be to check if the "missing" fixes are for things broken in the new release that don't need fixing in the prior one.

> still includes vulnerable years-old binaries

Are these stock builds, so definitely have the problems you are concerned about, or could there be security updates backported as Debian do with older versions in their stable release?


I promise, you will be just fine without the security updates.


This is probably misguided. Apple includes the OS version number in the user agent, so an attacker can actually pay to have code delivered only to users with vulnerable versions of macOS. (Advertising marketplaces allow bidding by user agent.)


Are you thinking of a Safari exploit that allows JavaScript to get out of the Safari process? What’s the attack scenario?


The user agent is defined by the browser.

And it only contains: Intel Mac OS X 10_15_7 irrespective of what Mac you are using.


I’m seeing Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7). What do you think the 14_7 stands for on macOS 14.7?


I currently use an M3 Max MacBook Pro. macOS 14.6.1 (23G93).

Firefox 130.0.1

  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0"

Safari 17.6

  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"

Seems like a Google Chrome-specific behavior, but I don't have Google Chrome installed to test.


> Intel Mac OS X 10_15_7.

This is on an M4 MacBook Pro running 15.0.

So not correct.


Heya, I couldn’t find a way to contact you privately but I’d assume you want to delete your comment until (presumably) next month! Correct me if I’m wrong tho :)

Alternatively, a mod could help to edit it instead


Why would they want to do that?


To be honest, I’m not entirely sure.

It’s a product that isn’t officially announced yet. Anyone could mention that they own that device of course, but it’s the extra credibility of him being an ex-Apple SWE (judging from his comments) that convinced me to drop that comment.

Dunno if there could be any legal implications, if not - all good!



