[lapcat]

On the other hand, not all new security vulnerabilities are backported either.

Do you think that new major OS versions introduce only fixes and not bugs?

I think version N-1 is a good balance between getting the fixes and avoiding the new bugs.

[p_ing]

If you can deal with known vulnerabilities and cross-reference all of Apple's CVE notes, more power to you. I can't say I have that much free time (Liquid Glass sucks, though).

[lapcat]

> cross-reference all of Apple's CVE notes

I never suggested that. But Apple itself prioritizes patches by severity when deciding what to backport.

Some issues are so severe that Apple occasionally releases a new security update for previous OS versions that no longer receive security updates otherwise.

A lot of issues are merely privilege escalation, which is not necessarily a big problem on a personal computer.