Comment by wpm
1 year ago
The old OS will generally get most security updates for two years, but that is not a written policy or rule, and Apple has not patched CVEs on older OSes in the past that were well within the N-2 assumption.
Most of the time they do, but depending on the data you work with and the risk you can accept, that might not be an acceptable policy.
Thanks, I should have specified that!
I'll note that anyone running an out of date MacOS should use Chrome or Firefox. Safari gets its updates via OS updates, whereas third party browsers have their own update cycle.