Q: Lion 10.7(.5) : Where is the patch for Secure Transport CVE-2015-1067 (FREAK) ?

None released for Lion. Just Mountain Lion and above.

Safari Version 6.1.6 (7537.78.2) - freak attack client test shows that my Safari browser is vulnerable:

https://freakattack.com/clienttest.html

I've talked to AppleCare support (valid until June 2015) and also submitted 'feedback' on the MacBook Pro.

Hoping they provide the Lion update soon.

Security updates are a must. If Apple decides they are too short on engineers to continue providing security updates for Lion, I'm ok with that but only if they give advance warning and a clear statement that Lion security updates will either no longer be produced or be produced with a lag. The problem is that upgrading to a new OS to get security updates is time consuming and disruptive.

So can we get a clear answer from Apple? Is Lion EOL for security updates? And can we get advance warning of EOL for Mountain Lion?

Agreed that Apple needs to be a bit clearer on their software EOL policy.

It looks like currently Apple is using an "N - 2" policy, that is, they are supporting the current version plus the prior 2 versions. That would match with them dropping Lion support when Yosemite was released. Yosemite made Lion the "N - 3" release.

If I were a betting man, I would expect that Mountain Lion will drop off the support window when the next release of OS X hit the streets, possibly in a year's time frame since Apple does seem to be on a 1 year OS X release cycle.

Another point to consider - Macs released before 2007 can not run Mountain Lion or later releases. (I have one of them - a late-2006 Core2 Duo iMac). All other Macs since then can be upgraded to Yosemite. That also may factor into why Apple is dropping support for Lion - the hardware that requires Lion is in the obsolete hardware list.

Seems there will be no more security updates for Lion The Safari Security Update from yesterday isn`t available for Lion. Goodbye Safari