{{short description|Process of changing installed software to newer versions}} {{about|software updates in general|the discontinued macOS component|Apple Software Update}}
'''Software update''' is the process of changing installed software with the intent to make it more modern. It also refers to the stored data used to update software. When storage was significantly more expensive, patching files was the dominant form of update. With the advent of larger distribution storage media and higher Internet bandwidth, it became common to replace entire files instead of patching.
An update may require prior application of other updates, or may require prior or concurrent updates to multiple components. To facilitate updates, operating systems often provide automatic or semi-automatic updating facilities. Package management systems and app stores can offer update automation.
An update can be any size. An update can be relatively large when the changes add or replace data such as graphics and sound files, for example for a game update. An update usually takes less time to run than an initial installation of the software.
Although often intended to upgrade, an update may instead degrade. An update may include unintentional regression problems. In some cases, an update intentionally disables functionality, for instance, by removing aspects for which the consumer is no longer licensed.
==Management== [[File:Brave 1.57.62.0 Software Update on macOS 11.7.7.png|thumb|A Sparkle software update prompt on macOS]]
{{See also|Category:Software update managers|Push technology|Pull technology|Software verification}}
Software update systems allow for updates to be managed by users and software developers. In the 2017 Petya cyberpandemic, the financial software "MeDoc"'s update system is said to have been compromised to spread malware via its updates.<ref>{{cite web|last1=Thomson|first1=Iain|title=Virus (cough, cough, Petya) goes postal at FedEx, shares halted|website=The Register|url=https://www.theregister.co.uk/2017/06/28/fedex_tnt_express_virus_attack/|access-date=29 June 2017|archive-date=1 July 2017|archive-url=https://web.archive.org/web/20170701083047/https://www.theregister.co.uk/2017/06/28/fedex_tnt_express_virus_attack/|url-status=live}}</ref><ref>{{cite web|title=New Petya Distribution Vectors Bubbling to Surface|url=https://threatpost.com/new-petya-distribution-vectors-bubbling-to-surface/126577/|publisher=Threatpost|access-date=29 June 2017|date=28 June 2017|archive-date=28 June 2017|archive-url=https://web.archive.org/web/20170628194924/https://threatpost.com/new-petya-distribution-vectors-bubbling-to-surface/126577/|url-status=live}}</ref> On the Tor Blog, cybersecurity expert Mike Perry states that deterministic, distributed builds are likely the only way to defend against malware that attacks the software development and build processes to infect millions of machines in a single, officially signed, instantaneous update.<ref>{{cite web|title=Deterministic Builds Part One: Cyberwar and Global Compromise {{!}} The Tor Blog|url=https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise|website=blog.torproject.org|access-date=11 July 2017|language=en|archive-date=23 June 2017|archive-url=https://web.archive.org/web/20170623204246/https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise|url-status=live}}</ref> Update managers also allow for security updates to be applied quickly and widely. Update managers of Linux such as Synaptic allow users to update all software installed on their machine. Applications like Synaptic use cryptographic checksums to verify source/local files before they are applied to ensure fidelity against malware.<ref>{{cite book|last1=Proffitt|first1=Brian|title=Introducing Ubuntu: Desktop Linux|date=2008|publisher=Cengage Learning|isbn=978-1598637656|url=https://books.google.com/books?id=Fe8LAAAAQBAJ&pg=PA141|access-date=11 July 2017|language=en}}</ref><ref>{{cite book|last1=Magazines|first1=S. P. H.|title=HWM|date=2007|publisher=SPH Magazines|url=https://books.google.com/books?id=G-sDAAAAMBAJ&pg=PT96|access-date=11 July 2017|language=en}}</ref>
Automatic updating has become more widespread over time. Some cite a cause of its prevalence to be due to Windows support in early 2000s. Service Pack 2 of Windows XP (available in 2004) enabled it by default.
==Classification== Updates are classified many ways. Notable classifications in alphabetical order follow.
===Hotfix=== {{Excerpt|Hotfix}}
===Malicious update=== Cybercriminals can use a number of methods to send fake software updates which include malware. Methods to distribute this type of malicious software include emails and pop-up windows.<ref>{{Cite web |date=2021-07-23 |title=How to Identify Fake Software Updates |url=https://www.man-sys.co.uk/how-to-identify-fake-software-updates/ |access-date=2026-03-08 |website=Mansys}}</ref> A report by the American Civil Liberties Union has suggested that state actors have attempted to include code, for surveillance purposes, in software updates sourced from legitimate companies and software developers, traditionally considered to be safe and reliable.<ref>{{cite web|url=https://www.aclu.org/how-malicious-software-updates-endanger-everyone|title=How Malicious Software Updates Endanger Everyone|publisher=|website=American Civil Liberties Union}}</ref><ref>{{Cite web |last=Cluley |first=Graham |date=2018-06-25 |title=Beware Malicious Software Updates for Legitimate Apps |url=https://www.bitdefender.com/en-gb/blog/businessinsights/malicious-software-updates-legitimate-apps |access-date=2026-03-08 |website=Bitdefender Blog |language=en-gb}}</ref>
===Patch=== {{Excerpt|Patch (computing)}}
===Patch release=== {{Excerpt|Patch release}}
===Program temporary fix=== {{Excerpt|Program temporary fix}}
==={{Anchor|SECURITY}}Security patch=== A ''security patch'' is a change to correct the weakness described by a vulnerability. The corrective action prevents successful exploitation and removes or mitigates a threat's capability to exploit a specific vulnerability. Patch management is a part of vulnerability management{{snd}} the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month ("patch Tuesday"), and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure.
These security patches are critical to ensure that business process does not get affected. In 2017, companies were struck by a ransomware called WannaCry which encrypts files in certain versions of Microsoft Windows and demands a ransom via BitCoin. In response to this, Microsoft released a patch which stops the ransomware from running.
===Service pack=== {{Excerpt|Service pack}}
===Unofficial patch=== {{Excerpt|Unofficial patch}}
===Video game patch{{anchor|GAMING}}=== A video game receives an update (often called a patch) to fix problems and to change features such as change game rules and algorithms. These updates may be prompted by the discovery of exploits in the multiplayer game experience that can be used to gain unfair advantages over other players. Extra features and gameplay tweaks can often be added. These kinds of updates are common in first-person shooters with multiplayer capability, and in MMORPGs, which are typically very complex with large amounts of content, almost always rely heavily on updates following the initial release, where updates sometimes add new content and abilities available to players. Because the balance and fairness for all players of an MMORPG can be severely corrupted within a short amount of time by an exploit, servers of an MMORPG are sometimes taken down with short notice to apply a critical fix.
Companies sometimes release games knowing that they have bugs. ''Computer Gaming World''{{'}}s Scorpia in 1994 denounced "companies—too numerous to mention—who release shoddy product knowing they can get by with patches and upgrades, and who make {{'}}''pay''-testers of their customers".<ref name="cgw199404">{{Cite magazine |author=Scorpia |date=April 1994 |title=So You Want To Be A Hero? |department=Scorpion's View |url=http://www.cgwmuseum.org/galleries/index.php?year=1994&pub=2&id=117 |magazine=Computer Gaming World |pages=54–58}}</ref>
==Process== thumb|The firmware of a Fuji Instax Liplay being updated Software update processes vary dramatically. Some notable processes are described here.
===Firmware update=== Updating firmware (i.e. motherboard BIOS) can be challenging when it involves replacing the entire image on the hardware. As such, an error or interruption during the update process, such as loss of power, may render the hardware unusable.
An update, a binary image, is often installed via a supplier-provided program that overwrite the existing image with another. This program may safeguard against serious damage. For example, the update procedure could make and keep a backup of the firmware in case it determines that the primary copy is corrupt (i.e. via a checksum).
===Limited release=== In the cases of large updates or of significant changes, distributors often limit availability of updates to qualified developers as a beta test.
=== {{Anchor|HOT-PATCHING}}Hot patching === '''Hot patching''', also known as ''live patching'' or dynamic software updating, is the application of patches without shutting down and restarting the system or the program concerned. This addresses problems related to unavailability of service provided by the system or the program.<ref>{{cite web|url=http://www.oracle.com/technology/oramag/oracle/07-sep/o57field.html |title=Oracle Magazine |publisher=Oracle.com |access-date=2013-01-04 |url-status=dead |archive-url=https://web.archive.org/web/20080514023816/http://www.oracle.com/technology/oramag/oracle/07-sep/o57field.html |archive-date=2008-05-14 }}</ref> Method can be used to update Linux kernel without stopping the system.<ref>{{Cite web|url=https://developer.ibm.com/technologies/linux/tutorials/live-patching-the-linux-kernel/|title=Live patching the Linux kernel|access-date=2020-10-25|archive-date=2020-10-28|archive-url=https://web.archive.org/web/20201028205715/https://developer.ibm.com/technologies/linux/tutorials/live-patching-the-linux-kernel/|url-status=live}}</ref><ref>{{Cite web|url = https://www.infosecurity-magazine.com/blogs/linux-kernel-live-patching/|title = Linux Kernel Live Patching: What It is and Who Needs It|date = 6 March 2020|access-date = 25 October 2020|archive-date = 28 October 2020|archive-url = https://web.archive.org/web/20201028225835/https://www.infosecurity-magazine.com/blogs/linux-kernel-live-patching/|url-status = live}}</ref> A patch that can be applied in this way is called a ''hot patch'' or a ''live patch''. This is becoming a common practice in the mobile app space.<ref>{{Cite web|url=https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html|title=Hot or Not? The Benefits and Risks of iOS Remote Hot Patching « Threat Research Blog|website=FireEye|access-date=2016-10-26|archive-date=2016-10-26|archive-url=https://web.archive.org/web/20161026231914/https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html|url-status=live}}</ref> Companies like Rollout.io use method swizzling to deliver hot patches to the iOS ecosystem.<ref>{{Cite web|url=https://techcrunch.com/2015/09/22/rollout-io-puts-mobile-developers-back-in-control-of-their-apps/|title=Rollout.io Puts Mobile Developers Back In Control Of Their Apps|last=Perez|first=Sarah|website=TechCrunch|date=22 September 2015|access-date=2016-10-26|archive-date=2016-11-27|archive-url=https://web.archive.org/web/20161127111451/https://techcrunch.com/2015/09/22/rollout-io-puts-mobile-developers-back-in-control-of-their-apps/|url-status=live}}</ref> Another method for hot-patching iOS apps is JSPatch.<ref>{{Cite web|url=https://github.com/bang590/JSPatch|title=bang590/JSPatch|website=GitHub|access-date=2016-10-26|archive-date=2017-01-04|archive-url=https://web.archive.org/web/20170104083231/https://github.com/bang590/JSPatch|url-status=live}}</ref>
Cloud providers often use hot patching to avoid downtime for customers when updating underlying infrastructure.<ref>{{Cite web|url=https://techcommunity.microsoft.com/t5/Azure-SQL-Database/Hot-Patching-SQL-Server-Engine-in-Azure-SQL-Database/ba-p/849700|title=Hot Patching SQL Server Engine in Azure SQL Database|date=2019-09-11|website=Techcommunity Microsoft|language=en|access-date=2019-09-15|archive-date=2019-09-13|archive-url=https://web.archive.org/web/20190913154715/https://techcommunity.microsoft.com/t5/Azure-SQL-Database/Hot-Patching-SQL-Server-Engine-in-Azure-SQL-Database/ba-p/849700|url-status=live}}</ref>
===Slipstreaming=== ''Slipstreaming'' is the act of integrating updates into the installation files of their original app, so that the result allows a direct installation of the updated app.<ref>{{cite web|last1=Karp|first1=David|title=Build an XP SP3 Recovery Disc|url=https://www.pcmag.com/article2/0,2817,2325399,00.asp|website=PC Magazine|publisher=Ziff Davis|date=14 July 2008|access-date=7 September 2017|archive-date=9 January 2018|archive-url=https://web.archive.org/web/20180109030902/https://www.pcmag.com/article2/0,2817,2325399,00.asp|url-status=live}}</ref><ref>{{cite web|last1=Thurrott|first1=Paul|title=Slipstreaming Windows XP with Service Pack 3 (SP3)|url=http://winsupersite.com/article/windows-xp2/slipstreaming-windows-xp-with-service-pack-3-sp3-128464|website=Supersite for Windows|publisher=Penton|date=7 May 2008|access-date=3 December 2016|archive-date=11 December 2016|archive-url=https://web.archive.org/web/20161211020909/http://winsupersite.com/article/windows-xp2/slipstreaming-windows-xp-with-service-pack-3-sp3-128464|url-status=live}}</ref>
The nature of slipstreaming means that it involves an initial outlay of time and work, but can save a lot of time (and, by extension, money) in the long term. This is especially significant for administrators that are tasked with managing a large number of computers, where typical practice for installing an operating system on each computer would be to use the original media and then update each computer after the installation was complete. This would take a lot more time than starting with a more up-to-date (slipstreamed) source, and needing to download and install the few updates not included in the slipstreamed source.
However, not all updates can be applied in this fashion and one disadvantage is that if it is discovered that a certain update is responsible for later problems, that update cannot be removed without using an original, non-slipstreamed installation source.
== See also == * {{Annotated link|Automatic bug fixing}} * {{Annotated link|Backporting}} * {{Annotated link|Delta encoding}} * {{Annotated link|Dribbleware}} * {{Annotated link|Patch (Unix)}} * {{Annotated link|Porting}} * {{Annotated link|Software maintenance}} * {{Annotated link|Software release life cycle}} * {{Annotated link|SMP/E}} * {{Annotated link|Upgrade}} * {{Annotated link|Vulnerability database}} * {{Annotated link|White hat (computer security)}}
== References == {{Reflist}}
Category:Software maintenance Category:Software release