Last Week on My Mac: Pretend it never happened

Keeping track of the news last week was a losing battle. Overlooking everything that’s being going on in the White House and across Europe, it’s been easy to become lost as to what’s been happening with macOS.

Just over a week ago, on 23 and 24 September, Apple released a brace of unexpected updates which quickly resulted in all sorts of problems. Those brought with the 10.15.7 update seem to have been relatively infrequent, and in most cases have now settled, but Mojave Security Update 2020-005 proved seriously bad for many who installed it.

Some detective work by Mr Macintosh, helped by my analyses of what was included in the update, pointed the finger at the recent Safari 14 update, which had been released on 16 September. It appeared that installing these in chronological order wreaked havoc on Mojave; reversing that, and installing the Security Update before Safari 14 seemed benign. Given that the Security Update included Safari 12.1.2 from last December, it looked as if this was a straightforward conflict in which the second update wrongly overwrote some of the files installed by the first.

Apple wasn’t exactly quick to pull the Security Update, but eventually did so, then re-released Safari 14 in a Supplemental Update not apparently available for separate download, and made Mojave Security Update 2020-005 available again. All without a word of explanation, let alone apology. The only additional piece of information which Apple has provided about this new Supplemental Update is that it contains Safari 14.0. Indeed, if you search for Mojave 10.14.6 Supplemental Update, you’ll still be offered one from 26 September 2019, almost exactly a year ago. Let’s hope you notice the year in its date before trying to install that by mistake.

mojaveupds

Provided that you can leave Software Update to sort out the mess that these updates have caused, the end result now seems sound. But if you can’t leave Software Update to handle this, Apple hasn’t provided any explanation, instructions or guidance as to which updates you should install, and in which order. Indeed, as far as I can see it hasn’t mentioned the Supplemental Update at all, and the Security Update page not only doesn’t mention that, but the date given is the same as that of the original.

Then on the same day that Apple seems to have fixed the chaos wrought by what should have been a routine Security Update, it released two updates to the security systems used by all Macs for many years, XProtect and its malware removal tool MRT. I then started to receive reports from those running High Sierra and earlier that the MRT update, to version 1.67, wasn’t being offered to their Macs at all.

I’ve been tracking updates to MRT for over four years now, since version 1.8 in El Capitan. You can view a list of links to those from version 1.39 onwards on my Product Page for SilentKnight and LockRattler.

Apple’s enthusiasm for MRT has come and gone over those years: in its early days, updates to MRT were pushed every month or so, and the malware which it could remove was named in plain text within its binary. In the first half of 2018, I compiled a list of the malware which could be removed by MRT up to version 1.35. By that time, Apple had started using codenames to identify malware detected by XProtect or removed by MRT. Then in the summer of 2018, Apple seems to have lost interest in both those tools, and didn’t offer an update to MRT for almost six months. This year, MRT has recovered its previous importance with updates often once every two weeks.

MRT isn’t just a grace and favour from Apple, it’s part of Apple Platform Security, as explained here, where it states that “The Malware Removal Tool (MRT) is an engine in macOS that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates).”

Only time – not Apple – will tell whether it has discontinued support for MRT in older versions of macOS, whether this is yet another installer failure, or whatever. But to tell users nothing, about an update which Apple won’t even acknowledge exists, drives them to go elsewhere to look for protection from malware. Who knows whether you can rely on Apple’s protection now?

Maybe in both cases, Apple is just hoping that everything else will drown their failure to communicate about two very serious issues in macOS. After all, to err is only human, but to explain isn’t in Apple’s remit.

10Comments

Add yours

1

Michele Galvagno on October 4, 2020 at 7:11 am

I’m currently on 10.15.7 and Safari 14. One thing I noticed is that every time I add a webpage to my favourites or bookmarks macOS (or probably just Safari) hangs with the spinning wheel for 3-4 seconds.
This is quite new to me.

LikeLiked by 1 person
- 2
  
  hoakley on October 4, 2020 at 10:56 am
  
  Thank you.
  I’ve had that for several versions now, but I have a great many bookmarks.
  Howard.
  
  LikeLiked by 1 person
3

EcleX on October 4, 2020 at 8:14 am

Thanks for the interesting article. As I said elsewhere in this site, installing macOS 11 Public Beta Big Sur in an external SSD connected to an older (iMac 27-inch 5K Retina; iMac18,3: Mid 2017) with an older macOS 10.12.6 (16G2136) Sierra, since the current one is macOS 10.15.7 (19H2), allows to update all firmware and security patches in such a Mac, as shown by SilentKnight when booting with the internal disk (Sierra) or external one (Big Sur Beta).

The “Apple – About This Mac – Software Update” always shows no updates in all cases (including the latest macOS versions, final or beta in such a Mac) and SilenKnight could not update either before installing the Big Sur Public Beta in the external disk, but installing such Public Beta in the external SSD did the trick updating everything in the Mac (firmware and security patches).

WARNING. I know that this kind of installation may have consequences (actually, any installation may have them!), including bricking the Mac, leaving it useless and requiring replacing the logic board. But here it is the experience for the record, in case that it might shed light on this mystery about macOS firmware and security updates failing on some macOS versions or Mac models.

LikeLiked by 1 person
4

Rob Menke on October 4, 2020 at 5:25 pm

lol,
It’s safer to be running on the Big Sur Beta.

LikeLiked by 1 person
5

cade on October 7, 2020 at 2:54 am

LockRattler shows:
softwareupdate[1594]: Triggering background check with forced scan (critical and config-data updates only) …
Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Safari14.0MojaveAuto-10.14.6
macOS Supplemental Update (10.14.6), 67310K [recommended] [restart]
objc[1617]: Class AMSupportURLConnectionDelegate is implemented in both /System/Library/PrivateFrameworks/EmbeddedOSInstall.framework/Versions/A/EmbeddedOSInstall (0x1147a7c58) and /System/Library/PrivateFrameworks/OSPersonalization.framework/Versions/A/OSPersonalization (0x114606358). One of the two will be used. Which one is undefined.

Those last 2 sentences are what make me take a long pause: “One of the two will be used. Which one is undefined.”

I went through the first released update a few days back before it got yanked, used Silent Knight to do that.

My iMac 27″ 5K late 2015 started flickering white screen tonight, so I reset SMU, NVRAM/PRAM and it seems okay now (for how long though?).

Will back up then after I check back here will install the new, replaced updates — unless I shouldn’t?

Not sure what the heck to do. Advice welcome. Thanks!

LikeLiked by 1 person
- 6
  
  hoakley on October 7, 2020 at 8:17 am
  
  Thank you. I’m puzzled why you’re using the background check, which is slower and less reliable. Much better to install the update(s) you want.
  This isn’t an error as such, but a warning. It was introduced by the combination of Safari 14.0 and Mojave Security Update 2020-005, and is fixed by installing the Supplemental Update which is being offered to you, which re-installs Safari 14 without the same problems.
  Howard.
  
  LikeLike
7

cade on October 7, 2020 at 10:06 am

I guess I don’t know how to use Lock Rattler properly since that was the first button in the update sequence. Should I just use Silent Knight instead? Sorry, confused. thanks.

LikeLiked by 1 person
- 8
  
  hoakley on October 7, 2020 at 10:30 am
  
  Don’t worry – I’m going to write a masterclass for Friday explaining it all.
  Howard
  
  LikeLike
9

hatoncat on November 4, 2020 at 9:20 am

This is why I’ve decided after two decades to socially distance from Macintosh.

Even Microsoft provides detailed incident reports of Windows 10 issues now. OEMs provide detailed UEFI BIOS updates. Dell and Lenovo issued BIOS updates in the past year for my 2014-era laptops, and tell me exactly what Intel-related security errata they are patching.

Apple doesn’t seem to think users care. And they probably don’t generally. I do, and I’m done with them until they do care.

LikeLiked by 1 person
- 10
  
  hoakley on November 4, 2020 at 10:00 am
  
  I’m sorry to hear that, and hope that you enjoy Windows.
  Howard.
  
  LikeLike