What went wrong with Mojave Security Update 2020-005, and Catalina 10.15.7?

Last week, on 24 September, Apple released a set of surprise updates which have left some Mac users not just surprised but thoroughly shocked. The most substantial update of the three brings macOS Catalina to version 10.15.7, with relatively minor changes. But the one which has caused more frequent problems was an apparently minor Security Update for macOS Mojave.

Catalina 10.15.7

You can read my detailed analysis of what this changes here. Although that’s more extensive than reported by Apple in its release notes and security release notes, it doesn’t account for some of the strange behaviours seen when a Mac logs in the first user after performing the update.

Here, as soon as I logged back in, macOS decided fortuitously to open apps which had been closed well before the update was installed. Among those was SilentKnght, which immediately reported that MRT had been downgraded to version 1.62, which had been released on 11 June 2020. Immediately prior to the update, MRT 1.66 had been present.

Opening some System Preferences panes was also deranged: Software Update, for example, was completely blank. This may relate to the minor update made to Software Update.app and to its frameworks, and later settled. I used SilentKnight to download the available update to MRT, which brought it back to version 1.66, and since then my system has performed normally.

Analysing the standalone installer fails to show any copy of MRT for installation, suggesting this was only installed if you used Software Update, and Gatekeeper versions were also those current. The version of APFS available in the standalone installer is 1412.141.1, the same as that installed in the 10.15.6 Supplemental Update.

Any glitches from the 10.15.7 update should therefore be minor. At worst, they should resolve by starting up in Safe mode, waiting a couple of minutes, then restarting normally. Apart from the anomaly with MRT, the 10.15.7 update looks fundamentally sound. That doesn’t of course mean that it will always work perfectly.

Mojave Security Update 2020-005

There have been a lot of reports of problems resulting from what should have been just a minor security update. One potential reason is that this, and its matching High Sierra Security Update, seem to install a BridgeOS update on Macs equipped with T2 chips. That brings the iBridge version to 17.16.16610.0.0, the same as that installed with the 10.15.6 Supplemental Update on 12 August 2020.

Looking through the standalone updater:

  • it includes Safari 12.1.2 from last December, not 14.0, but shouldn’t downgrade those Macs which have already been upgraded to the new version;
  • also included is MRT version 1.52 dating from 7 January 2020;
  • the version of XProtect data included is 2111, which also dates from 7 January 2020;
  • the version of APFS supplied is 945.275.9, which has barely changed since security update 2019-001, when it was 945.275.8;
  • there’s a new kernel and a complete set of kernel extensions, although few of those are likely to have changed.

Mr Macintosh has given a full account of the range of problems encountered by some who have installed this Security Update. Until Apple replaces it with a revised release, users are wisest not to install it.

If you have already installed it and are still having problems, you may be able to roll back to a snapshot taken just before the update was installed. If not, then the best solution is to download and install Apple’s current Mojave from the App Store. The snag with that is that you’ll probably find running that installer results in an error. In that case, use the installer to create a bootable installer, for example on a USB ‘stick’, boot from that, and install it. Alternatively, restart in Recovery mode and re-install your existing macOS from there.

What went wrong?

Although Apple shouldn’t have released these updates with the faults which have now become obvious, building updaters like this is an extremely complex process. There’s a lot which can go wrong, and here’s another example of where it has done so. Perhaps the most apposite comment is that made in a tweet by Brandon Dail the day after the updates were released: