October 3, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things! |
Understanding software version numbers
How many of you read about the Apple updates above and wondered why the numbers go the way they do? Well, I'm gonna explain that this week! (It works the same way for both software and firmware.)
A shorthand explanation I've seen many times is that versioning takes the format X.Y.Z where X=major, Y=minor, and Z=patch. So, in our examples above, Apple recently released iOS 17 with a bunch of new features, some of which only work on the latest hardware. That's the first number in the version, 17, which indicates it's a major upgrade to earlier versions. Then you see we have 17.0.1 and 17.0.2. The 0 in the middle of both of those indicates that we haven't gotten any minor feature additions to iOS 17 just yet. The last number indicates that we have received some patches. iOS 16.7 has some minor feature updates since 16.6.2 and also some patches all rolled into to one update (that's why there is no third number -- patches to 16.7 will cause the release of 16.7.1).
Now that you understand the numbering scheme, why do you care? Well, my rule of thumb is never upgrade to X.0 anything (one exception below). This numbering scheme means it's a brand new, major upgrade with no patches released yet, which most likely has some bugs, and personally *I* don't want to be the one to find them. I always wait for that second number to be 1 at a minimum before upgrading (and I often wait longer than that).
Should you upgrade to 17.1 as soon it's available? Well, again, my rule of thumb is that I only upgrade to a major version if (1) it has some features I want and (2) my device is fairly new so it's not going to become super-slow trying to run firmware it wasn't designed to run. If those two conditions aren't met, I would only do a major upgrade when the version I'm running is no longer supported. Gotta keep getting those security patches!
Finally, if you can't remember the last time you updated a device, and you go look for software/firmware updates on it and find that there are none available, double-check that the version you are running still supported. If it's not supported, and you can't update that device to a supported version, then it's time to replace that device.
Note that not all software follows this versioning scheme. There are a couple of other common schemes to be aware of, and I'll address those in a future newsletter.
October is Cybersecurity Awareness Month
And CISA has developed some resources to raise awareness and assist in employee training. You will probably recognize their "Four Easy Ways to Stay Safe Online" -- read and share.
Stay cyber safe this week!
Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.
Have a great week!
Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months
ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺