Both my utilities for checking and installing Apple’s silent and pushed security updates, LockRattler and SilentKnight, run on El Capitan and later versions of macOS, but I seldom hear from users running older versions. Recently, a couple of those still using El Capitan have remarked that SilentKnight appears to return erroneous information. I’m trying to discover why.
SilentKnight – which automates the same checks in LockRattler and compares results against my database of current versions – does a relatively simple job. When you open the app, it checks currently installed versions of known security data files. It fetches a Property List from my GitHub site, which lists the expected versions, and compares the results it obtained with those it should expect. It does a rather more complex job with EFI firmware versions which I’ll gloss over here.
Its last step is to check with Apple’s servers for any available “system data files and security updates”, as Apple terms them in the Advanced sheet of the Software Update pane. If the servers offer updates, you can then download and install them.
One SilentKnight user, for example, has Macs running Mojave and Catalina, and a lovely old Mac mini which is stuck on El Capitan and can’t go any further. It’s that latter system which worries me: it appears to have stopped being pushed security updates back in May 2019, and is now well out of date. Here’s a screenshot:
As you can see, the XProtect, Gatekeeper and MRT versions are frozen as they were back in May 2019. The last installed updates to them were on 12 May 2019, but SilentKnight isn’t able to get Apple’s servers to offer anything more recent than those. SilentKnight is connecting correctly with those update servers, though – if you block its outgoing connection or it fails, it should return an error, sometimes after waiting for a very long timeout first.
I also hear occasionally from other SilentKnight and LockRattler users that they’re stuck on out of date versions of some of these important protections. This can occur, for instance, when an older Mac is upgraded to an unsupported version of macOS, such as High Sierra or Mojave. Again, their updates cease, and no more are offered by Apple’s servers.
At present, I’ve only heard of a handful of cases, but sufficient to make me wonder whether Apple has discontinued support for some or all of these older systems. I can’t see any article or other information from Apple which informs users (or developers) of this practice. But if this is what is happening, users need to be aware that, for example, they no longer enjoy current protection, particularly in Gatekeeper, which could leave their Macs vulnerable.
If you’re running either SilentKnight or LockRattler on such an older system, or on a version of macOS which isn’t supported on that model, please let us know whether you’re still receiving security updates. There are many of us who’d like to know.
If you’d like to download either of these free tools, they’re available from their Product Page and have extensive built-in Help.
Thanks to David for raising this, for providing the screenshot above, and for allowing me to use it.