Not sure about least secure, but clearly least production ready: High Sierra is like a public beta of the version to come.

What saddens me the most is that there are a lot of "small" issues that are found now (and by small I don't mean that they are not critical or important, just that they are a small feature/% of the whole), and we forget that Apple teams managed to upgrade the whole filesystem to APFS on this version of macOS, which is a huge feat. We haven't heard that many problems with the filesystem itself or with the upgrade, which is truly impressive at that scale and complexity.

My IT department told me yesterday to avoid High Sierra at all costs! Is this the norm?

Blindly updating a work machine to a brand-new release isn’t a good idea regardless of the OS.

In High Sierra’s case, it took until the .2 release before we were fine with it.

Keep in mind that IT departments (including myself here) like to have important things to say about software updates, especially when it’s about the OS that requires a lot less IT work. :)

I dunno. It's been years since I worried about updating a workstation to the latest Debian stable. Or server for that matter. So it's certainly not a question of resources.

[ed: not that Debian hasn't had issues. Broken openssl/ssh key generation being perhaps one of the worst security issues in recent memory]

Exactly, iOS and Mac developers excepted, very little productivity gain comes from updating to the latest version of the OS right away before all the compatibility kinks have been worked out.

A lot of people have a (completely understandable) weakness for the latest and greatest though.

I thought just apple filesystem (assuming you're on SSD) would be enough to make you want to upgrade.

More like a new, not-yet-battle-tested, proprietary filesystem is enough of a reason NOT to upgrade...

Yes, avoid it unless you need to work on the latest Xcode.

Exactly what just happened to me: I was planning to stay on 10.12 for some more time, but now I need to do some testing on the new iPad 6, which is provided with iOS 11.3 in the box, which is only supported by the new xcode 9.3, which only works on macOS 10.13... #damnit

It also makes you wonder how much crap like this is hiding in the complexity of accessing things in iOS.

Security is usually more process than anything else. It seems weird that two OS divisions would really be that different.

> It seems weird that two OS divisions would really be that different.

It’s not weird. The lack of a first class sandbox model on desktop certainly makes its security properties and threat model “different” than those of the iPhone.

Yes both are built around XNU and both use APFS, but the “surface area” of attacks is far different across the platforms. For all we know, APFS bugs like these exist in iOS but haven’t been found because finding them would require rooting the phone to circumvent the sandbox model.

Apple doesn't have a dedicated MacOS development team anymore and laptops are normally harder to steal/gain access than phones. They have had quite a few security vulnerabilities in the past few months that anyone with physical access could exploit.