Apple isn't updating Snow Leopard anymore, here's what you should know
Update: post clarified regarding the "gotofail" bug, which is not present in Snow Leopard and did not require a security patch.
Snow Leopard has been a wonderful operating system for Macs, but more than four years into its life span, Apple is posed to send it to the Home for Elderly Felines. The writing was on the wall for Snow Leopard in December 2013 when Apple patched Safari for OS X Lion, Mountain Lion, and Mavericks without thinking about their older sibling. Snow Leopard had received a security update in September of 2013, just two months earlier.
To be clear, Snow Leopard does not appear to have the "gotofail" bug -- the SSL/TLS vulnerability allowing secure web sessions to be hijacked with a man in the middle attack -- which was patched in Mavericks this week and in iOS before that. However, when you look at the installed base of OS X, as the folks at ComputerWorld have done, the fact that this particular high-profile security issue wasn't a Snow Leopard issue isn't really that comforting.
According to the report, 19% of Mac users are still sticking with Snow Leopard, leaving roughly 1 in 5 Macs vulnerable to these holes in security. Snow Leopard is still popular for a number of reasons. It's the last version of OS X that supports pre-Intel Macs. Correction: Snow Leopard is the last version of OS X to support Rosetta, which allowed you to run PPC-based older Mac apps on Intel machines. You cannot run Snow Leopard on a PowerPC Mac -- 10.5 Leopard was the final release for those models.
In production environments it is not uncommon to have an OS a few versions behind, particularly if you rely on a few key apps. Bottom line, if you've got an older computer that's just used for day-to-day Internet and word processing, some users may not move on from Snow Leopard until the computer gets replaced.
The problem is Apple hasn't officially announced its intention to send Snow Leopard to a nice farm with a new family. Users who don't keep up to date with Apple news, or just rely on the updates their system suggests, may be left out in the cold with security loopholes on their machines they don't know about. And attackers may look at that hefty chunk of older OS users as a promising target, with security issues that may never be fixed.
In the case of the "gotofail" bug, which was caused by an errant line of C code that had been duplicated, the hole was in Mavericks and in iOS 6/7, but in the 10.9.2 update a patch for Safari also addresses "multiple memory corruption issues" in WebKit (upon which Safari is based). So the good news is that your older Snow Leopard machine doesn't have this latest exploit to begin with. The bad news is that if a vulnerability is found, there's really no guarantee Apple will patch it.
As for Lion or Mountain Lion fans worried their OS may be the next on the chopping block, rest easily. Apple is still offering users of those systems a free upgrade to Mavericks.
