Keeping track of the news last week was a losing battle. Overlooking everything that’s being going on in the White House and across Europe, it’s been easy to become lost as to what’s been happening with macOS.
Just over a week ago, on 23 and 24 September, Apple released a brace of unexpected updates which quickly resulted in all sorts of problems. Those brought with the 10.15.7 update seem to have been relatively infrequent, and in most cases have now settled, but Mojave Security Update 2020-005 proved seriously bad for many who installed it.
Some detective work by Mr Macintosh, helped by my analyses of what was included in the update, pointed the finger at the recent Safari 14 update, which had been released on 16 September. It appeared that installing these in chronological order wreaked havoc on Mojave; reversing that, and installing the Security Update before Safari 14 seemed benign. Given that the Security Update included Safari 12.1.2 from last December, it looked as if this was a straightforward conflict in which the second update wrongly overwrote some of the files installed by the first.
Apple wasn’t exactly quick to pull the Security Update, but eventually did so, then re-released Safari 14 in a Supplemental Update not apparently available for separate download, and made Mojave Security Update 2020-005 available again. All without a word of explanation, let alone apology. The only additional piece of information which Apple has provided about this new Supplemental Update is that it contains Safari 14.0. Indeed, if you search for Mojave 10.14.6 Supplemental Update, you’ll still be offered one from 26 September 2019, almost exactly a year ago. Let’s hope you notice the year in its date before trying to install that by mistake.
Provided that you can leave Software Update to sort out the mess that these updates have caused, the end result now seems sound. But if you can’t leave Software Update to handle this, Apple hasn’t provided any explanation, instructions or guidance as to which updates you should install, and in which order. Indeed, as far as I can see it hasn’t mentioned the Supplemental Update at all, and the Security Update page not only doesn’t mention that, but the date given is the same as that of the original.
Then on the same day that Apple seems to have fixed the chaos wrought by what should have been a routine Security Update, it released two updates to the security systems used by all Macs for many years, XProtect and its malware removal tool MRT. I then started to receive reports from those running High Sierra and earlier that the MRT update, to version 1.67, wasn’t being offered to their Macs at all.
I’ve been tracking updates to MRT for over four years now, since version 1.8 in El Capitan. You can view a list of links to those from version 1.39 onwards on my Product Page for SilentKnight and LockRattler.
Apple’s enthusiasm for MRT has come and gone over those years: in its early days, updates to MRT were pushed every month or so, and the malware which it could remove was named in plain text within its binary. In the first half of 2018, I compiled a list of the malware which could be removed by MRT up to version 1.35. By that time, Apple had started using codenames to identify malware detected by XProtect or removed by MRT. Then in the summer of 2018, Apple seems to have lost interest in both those tools, and didn’t offer an update to MRT for almost six months. This year, MRT has recovered its previous importance with updates often once every two weeks.
MRT isn’t just a grace and favour from Apple, it’s part of Apple Platform Security, as explained here, where it states that “The Malware Removal Tool (MRT) is an engine in macOS that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates).”
Only time – not Apple – will tell whether it has discontinued support for MRT in older versions of macOS, whether this is yet another installer failure, or whatever. But to tell users nothing, about an update which Apple won’t even acknowledge exists, drives them to go elsewhere to look for protection from malware. Who knows whether you can rely on Apple’s protection now?
Maybe in both cases, Apple is just hoping that everything else will drown their failure to communicate about two very serious issues in macOS. After all, to err is only human, but to explain isn’t in Apple’s remit.