Only for security vulnerabilities that "Apple is aware may have been actively exploited". And almost never for any bug fixes (and sadly, Apple now tends to push off bug fixes to the next major release/"n+1" rather than fix bugs in the major version in which they were introduced).
I don't understand why I'm downvoted. I don't think it's acceptable to keep a machine with known vulnerabilities "not yet actively exploited" for "most common uses". The defense of Apple here goes too far.
