Last Week on My Mac: All in the numbers

Last week, after months of waiting and a few beta tests, Apple released its first RSR, Rapid Security Response. As far as we can tell, it seems to have been a success, with all Macs running Ventura 13.3.1 offered the update, and few plausible ill-effects. We’re unlikely to know whether it achieves what it sets out to do, as Apple has predictably declined to provide any information as to what it changed.

Although disappointed at Apple’s silence, I’m not surprised. I had guessed that it had no intention to reveal fixes included in RSRs until they were rolled into the next macOS update. Because these are ‘hot’ fixes to address vulnerabilities that are either being exploited already or are considered urgent, I can see a case for temporary secrecy. As they’re easy to uninstall, unlike regular macOS updates, any resulting problems should be easy to address.

What I hadn’t expected was the mess this has brought to macOS version numbering.

When Big Sur even seemed to catch Apple’s own engineers by surprise with its new, rational version numbering system, we might have expected its cleanliness to have lasted longer than two and half years. Despite the fact that I still can’t find any official statement from Apple explaining it for users, this is how we presume macOS version numbering now works:

The major version number, 13 in the case of macOS Ventura, increments each year with the autumn/fall upgrade.
The minor version number, the 3 in 13.3 for the last minor release of Ventura, increments from 0 to 5 during the year of full support, then changes to 6 for the first year of security updates, and 7 for the second.
The patch version number, the 1 in 13.3.1 for the last security update to Ventura, is only used when updates are made between scheduled minor versions, and for each security update during the two years following the end of full support.

This replaced the more chaotic scheme in which the major version number was fixed at 10, and security updates often ended up as numbered Supplemental Updates. I still dread thinking about the confusion that brought.

This new version numbering system introduced with Big Sur doesn’t provide for RSRs. One logical solution might have been to extend it to a fourth digit, making last week’s RSR 13.3.1.1. Perhaps the least appropriate would have been to introduce letters and punctuation marks other than the stop/period already used, and that’s exactly what Apple has chosen by making this first RSR 13.3.1 (a).

Although we all hope that RSRs won’t prove frequent, Apple hasn’t revealed whether they would then be incremental, with (b) including the changes in (a) in addition to its new fixes. Or would we see a Mac with both RSRs installed as having macOS 13.3.1 (ab), or (a)(b)? Are the letters intended to reset with each patch version change, so that the first RSR to 13.4 would be 13.4 (a), or are they continuous, making that 13.4 (b), assuming that no further RSRs are released for 13.3.1?

At least Apple has modified some calls that provide macOS information to accommodate this change. If you use the command tool sw_vers, then its main result now includes an additional line
ProductVersionExtra: (a)
and you can check that alone using
sw_vers -ProductVersionExtra

Similarly, those accessing SystemVersion.plist will find a new key-value pair of
<key>ProductVersionExtra</key> <string>(a)</string>

For coding in Swift, though, extracting the RSR version is obscure. ProcessInfo.processInfo.operatingSystemVersionString returns the full string, such as “Version 13.3.1 (a)”, but the OperatingSystemVersion structure doesn’t yet have a component containing the RSR label. Until it does, developers are left parsing the full string despite the documentation for operatingSystemVersionString specifically stating “this string is not appropriate for parsing.”

That’s why, for the moment, none of my apps can tell you which RSRs are installed, except where they already give the full string. Perhaps this has come as a surprise to the engineers maintaining Foundation.

Interpretation of build numbers is more controversial, and has now reached a new height of opacity: apply this RSR to build number 22E261 and it becomes 22E772610a. Quite where the three additional digits come in remains a mystery that we can rely on Apple never to explain.

If there’s one fact of macOS that we can rely on, it’s that whenever Apple puts its version numbering into order, within a few years it will have lost all rhyme and reason.

These quibbles apart, I’m impressed with this first run with an RSR, and look forward to seeing them fly higher in the future when they only have to patch macOS on Apple silicon Macs. Congratulations to all those engineers who made it so trouble-free.

8Comments

Add yours

1

fds on May 7, 2023 at 7:22 am

The build number change is even weirder than that: it went from 22E261 to 22E772610a, a whole 4 characters longer, at least on my Mac.
The “22” seems to signify Ventura, and “E” is for 13.3, since curiously 13.0 and 13.0.1’s starting 22A* builds jumped straight to 22C* already with 13.1, which is why 13.3.* was already 22E*. Ah, best not to even try to make any sense of it.

LikeLiked by 1 person
- 2
  
  hoakley on May 7, 2023 at 7:30 am
  
  Thank you. I have tweaked the wording to make clear the three additional digits.
  Howard
  
  LikeLike
3

Duncan on May 7, 2023 at 3:22 pm

See also: “Pro”, “Max”, “Extreme”, “Ultra”, “Plaid”

LikeLiked by 1 person
4

xz4gb8 on May 7, 2023 at 4:23 pm

(a) upgrades to (b), but extra characters?…

2918 Mini macOS 13.3.1 (a) (22E772610a)
M1 MBP macOS 13.4 Beta (22F5059b)

A most ingenious paradox. Explain it if you can.

LikeLiked by 1 person
- 5
  
  hoakley on May 7, 2023 at 7:42 pm
  
  Thank you.
  I’ll have a try:
  13.3.1 (a) follows the new RSR convention of extending the trailing digits and adding the RSR character.
  13.4 then resets that to the previous layout, with a trailing b to indicate a beta.
  Crazy.
  Howard.
  
  LikeLike
6

Michael Tsai - Blog - Rapid Security Response Version Numbers on May 8, 2023 at 6:43 pm

[…] Howard Oakley: […]

LikeLike
7

Gabe Ster on June 1, 2023 at 6:30 pm

The lack of definition from Apple about versioning with respect to RSRs (and macOS/Safari in general) is extremely frustrating to Mac admins the world over. Adding the extra (a) instead of interating the build or product versions numbers breaks of lot of logic and confounds our common sense.

Curiously certain shell scripts from a certain significant provider of macOS security and management tools use “sw_vers | grep ProductVersion” to get the version instead of “sw_vers -productVersion” and those break completely with the RSR installed as the variable collecting the version now has multiple lines, e.g. instead of just returning
13.3.1 (a)
They get
13.3.1
(a)
How implementing this way made sense to anyone at Apple is beyond me… I suspect they gave it to an intern who couldn’t think/systemize their way out of a paper bag / docker container. ¯\_(ツ)_/¯

LikeLiked by 1 person
- 8
  
  hoakley on June 1, 2023 at 6:58 pm
  
  Thank you.
  While not disagreeing, every time Apple changes version numbering something similar happens. It’s almost as if someone enjoys breaking third-party software.
  And, as Apple never documents its version or build numbering, you can never complain either.
  Howard.
  
  LikeLike

Share this:

Related