“Last week Apple released a security update to address the DigiNotar root certificate vulnerability, but in doing so revealed that the company may no longer support PowerPC-based Macs, at least when it comes to security updates,” Topher Kessler reports for CNET.
“Unlike previous security updates that have supported Leopard and even Tiger, Apple’s latest update requires OS X 10.6 and OS X 10.7, and this means that users running OS X 10.5 will not be able to update their systems,” Kessler reports. “If you have an early Intel-based Mac that is running Tiger or Leopard, then the only way to ensure you can update it is to upgrade your system at least to Snow Leopard.”
Kessler reports, “Apple stopped supplying OS updates for PowerPC-based systems with the OS X 10.5.8 update, but this is the first time that Apple has no longer supported them with security fixes.”
Read more in the full article here.
It seems to me that Apple should supply the updates needed to use any of its products safely for at least 5 years from the date of release. Since that was October of 2007, I think that Apple should be supplying security updates until at least 10/2012.
Of course, it’s arguable that Apple transitioned to Intel Macs in June of 2006, so the 5 years is already up – but if I paid money for Leopard (10.5), it seems to me that it’s a product deserving that kind of 5-year baseline support.
Darn you Apple! Now I’ll have to buy a brand new iMac! 🙂
I still use my old Power Mac G5 as a media and backup server. Wish it had QuickTime X, but I need something I can still use to run FreeHand once or twice per year.
Perhaps the security update doesn’t apply to PowerPC or older OS’? Don’t know, just asking.
It’s an OS-level issue for the Mac, not processor/architecture or application level, so yes PPC and older OSX users are vulnerable to the problem this update fixed.
But are you sure it isn’t a security issue related to something added to Snow Leopard? There were a lot of under-the-hood changes to that OS.
This is news to me. I thought Security Updates were only for the two most recent major releases of the OS, currently Lion and Snow Leopard. I thought the expectation is that users would upgrade to at least every other version of the OS.
When Snow Leopard was the current release, was Tiger still getting regular updates?
——RM
It really depends.
Something like a root certificate update is relatively OS version/platform independent.
There is no reason why the update shouldn’t be pushed to all OS X versions.
Now if we are talking about an OS level security hole then the 5 year window should hold true.
Its not like Apple is pushing out security updates at the rate of Microsoft. Seems like the little windows update icon says I have an update every 3 to 5 days.
And to put that in perspective, Microsoft continues to deliver (what sometimes feels like daily) updates to their ten-year old OS called Windows XP (still the largest share of the Windows world, even though two more versions came since then).
This is a very serious concern. If you are on Leopard (and some of us voluntarily so, as I am on a 2008 Intel MBP), I would recommend you follow these excellent step by step instructions to better protect yourselves.
http://ps-enable.com/articles/diginotar-revoke-trust
What Happened?
On July 10, 2011, DigiNotar.nl (a Netherlands CA) issued a fraudulent SSL certificate for the domain *.google.com, which would be valid for all google.com domains. DigiNotar has not been forthcoming about how the attackers were able to obtain the fraudulent certificate, releasing only a PR statement without any content. This means that more fraudulent certificates may have already been issued or may be issued in the future for *.google.com or other domains. The latest news is that there have been over 500 fraudulent certificates issued. While current indications are that it was used to snoop on G-Mail communications in Iran, no one knows what other places it might be used and for what other purposes.
Why Do We Care?
Furthermore, due to the nature of the certificates system, until the DigiNotar.nl registrar is completely secured and how the attack was conducted becomes publicly available, every SSL protected website and service in the world is vulnerable.
…
Because so many fraudulent certificates for so many high-value domains were issued (such as for yahoo.com), and there doesn’t seem to be a trustworthy list of the fraudulent certificates, there is a high risk that other sites may have been compromised and the end user would not be able to tell. The biggest risk to most users is identity theft by phishing of passwords. This could then lead to other compromises and eventually financial losses.
Apple hasn’t updated Tiger for quite some time.
My PowerBook G4 is still going strong and does what I need a portable computer to do. Shame Apple has abandoned it.
et tu, Apple?
Abandoning my 11-year old Cube running Leopard so soon?!?
😉
Apple released a Safari for Tiger security update last November. There are good reasons to continue security updates longer than current practice.