About Apple's limited information included with software updates
<p>Apple generally provides very limited information about the specific bugs and patches that are being addressed by a given software update. For instance, in the latest updates for QuickTime and iTunes, it mentions "increase reliability, improve compatib
Apple generally provides very limited information about the specific bugs and patches that are being addressed by a given software update. For instance, in the latest updates for QuickTime and iTunes, it mentions "increase reliability, improve compatibility and enhance security," which has left many people frustrated and wanting to know whether the bugs they're experiencing have been addressed, and subsequently whether they should apply the update.
These rather limited and seemingly obvious statements in Apple's software updates are there simply because it does not want to advertise known bugs and exploits until patches have been widely distributed. Before or during an update's deployment, malicious software developers will have to find these known bugs on their own, which gives Apple time to develop and release patches before they can be exploited. In doing so, they are doing their best to ensure Mac users are protected.
This conversely brings about another situation to be aware of, which is that when the documentation on the specific bugs is finally released, malicious software developers and hackers may use them to target those who have chosen not to update their systems. Therefore, our first recommendation is to always update your software, and if not immediately, at least soon after the updates have been released. Granted, if user reports show an update to cause potential problems with your specific software or hardware configuration, you may need to consider this against the fixes offered by the update, but provided there are no such errors its worth while to update.
If you choose to not update, however, we highly recommend you regularly look up the fixes Apple publishes and be aware of the potential risks you're still exposed to. Many times the risks are not too great, and require you to perform a variety of specific steps before the exploit can be used, but in some cases, exploits can be rather easy to take advantage of.
Links to the documentation on an individual update are listed in this Apple Knowledgebase document, which is usually updated within a few days of a software patch. We recommend you bookmark this document and regularly read about the updates.
If you want more information and resources on a particular bug, you can search for it by copying the CVE-ID (provided in Apple's list) and searching for it at the following NIST website: http://web.nvd.nist.gov/view/vuln/search?
Resources