hoakley November 5, 2020 Macs, Technology, Updates

Apple has released Catalina 10.15.7 Supplemental Update

Apple has just released macOS Catalina 10.15.7 Supplemental Update, which weighs in at around 1.2 GB and includes important security fixes for two kernel vulnerabilities and a FontParser bug. All three of these are currently being exploited in the wild, which explains the urgency in patching them.

It’s currently available via Software Update. As soon as I have a link to the standalone installer package I will update this article, but as of 2105 UTC I can’t find any. Details of the three security fixes it includes are given here.

There are no changes in version or build number of any of the bundled apps, nor are there in any of the significant contents of /System/Library. There don’t appear to be any firmware updates, at least not for Macs with a T2 chip. This suggests that this quite hefty update is mainly a new kernel, which isn’t bad for more than a GB!

One significant feature of this update is that it reverts MRT to an old version, around 1.62. Immediately after updating you’ll want to run SilentKnight or LockRattler to restore MRT to its current version 1.69.3. For the record, on this occasion I used the latest version of SilentKnight to download the MRT update then installed it manually by double-clicking the Installer package. This worked fine, and even ran the new MRT for its initial scans just as if it had been installed by softwareupdate.

HT to Mr Macintosh for the warning.
Updated 2110 UTC 5 November 2020.

14Comments

Add yours

1

Ben Kennedy on November 5, 2020 at 7:56 pm

1.2 GB for a couple of security patches? WTH?!

LikeLiked by 1 person
2

Stephen on November 5, 2020 at 9:46 pm

Is there any indication whether macOS Mojave would be receiving a Supplemental Update to address the three zero-days as well?

LikeLiked by 1 person
- 3
  
  hoakley on November 5, 2020 at 9:53 pm
  
  Apple never gives such indications. I don’t know whether those bugs exist in Mojave. They may be fixed in the next security update, which is likely with or shortly after the release of 11.0. Maybe.
  Howard.
  
  LikeLike
- 4
  
  jerryfrit on November 6, 2020 at 2:51 am
  
  On that hunch I fired up my Mojave VM, but it gave me no alerts.
  
  LikeLiked by 1 person
5

John Gilbert on November 5, 2020 at 10:42 pm

This may be a silly question. You said: “For the record, on this occasion I used the latest version of SilentKnight to download the MRT update then installed it manually by double-clicking the Installer package.”

I am trying this with the supplemental update. I used SK to download the update. But there are 7 packages in /Library/Updates/001-73001. Do I just run the one called macOSUpd10.15.7Supplemental.pkg and ignore the others?

LikeLiked by 1 person
- 6
  
  hoakley on November 5, 2020 at 11:05 pm
  
  Ah. Perhaps I should have pointed out that this works most easily with the simple updates like XProtect and MRT, which come as single packages. Supplemental and more substantial updates come in multiple packages, and I don’t know which one you should install to make the others work in sequence, I’m afraid.
  Howard.
  
  LikeLike
  - 7
    
    John Gilbert on November 6, 2020 at 1:53 am
    
    Got it. I will take care with the bigger updates. Thanks for that.
    
    LikeLiked by 1 person
  - 8
    
    Ed on November 6, 2020 at 10:20 am
    
    I thought I’d give updating by SilentKnight a try on my second Mac and clicked “Install all updates” but, like it says in the reference, the only feedback is the spinner and it took a LONG time; much longer than on my first Mac where I used the normal update mechanism, which downloads and then restarts to start the install.
    
    So, two things: I thought it was strange that it took much longer (20 minutes versus maybe an hour when it still seemed busy) and I couldn’t tell if it was actually updating; wouldn’t that have needed a restart to begin? I was reluctant to break it off, because how would that work out if it was in the middle of updating after all? In the end, after an hour or so, I did manually restart while SilentKnight still seemed busy and happily all seemed fine after that. However, the update hadn’t installed yet (unsurprisingly), so I used the normal mechanism to do it.
    
    All in all, I think I may forego using the “Install all updates” button in future. SilentKnight is still extremely useful and greatly appreciated as an update status monitoring tool! Thanks.
    
    LikeLiked by 1 person
    - 9
      
      hoakley on November 6, 2020 at 1:26 pm
      
      This is why SilentKnight lists the updates that are available.
      What I do is look at those, which also give their sizes. If there’s a substantial security or macOS update waiting, then I install that using Software Update, then when my Mac is running again I run SilentKnight again and pick up any remaining updates.
      More frequently, any updates waiting are the small ‘silent’ security updates which are what SilentKnight is designed to manage. Those are ideally downloaded and installed using SilentKnight.
      SilentKnight doesn’t use its own method of obtaining these updates – there isn’t one which works, other than using the command tool softwareupdate, which is exactly what you could do in Terminal. Why there was such a discrepancy in times I don’t know, though.
      Howard.
      
      LikeLike
10

Alberto.G on November 6, 2020 at 1:15 pm

Dear Howard, I inform you that it was NOT necessary for me to “force” MRT to its current version 1.69.3. I have already found it installed automatically, after the latest additional update of Catalina 10.15.7, released yesterday by Apple. Greetings and, as always, thank you so much for your work! Alberto

LikeLiked by 1 person
- 11
  
  hoakley on November 6, 2020 at 1:29 pm
  
  Thank you, Alberto. That’s why SilentKnight checks the versions for you. Sometimes macOS will perform this update on its own, sometimes it doesn’t.
  Howard.
  
  LikeLike
12

Larry Nolan on November 6, 2020 at 7:44 pm

Just to let you know that I successfully installed the 10.15.7 Supplemental update. After restarting I ran SilentKnight and brought MRT up to date with 1.69.3 . I use a iMac (18,2) from 2017.

LikeLiked by 1 person
- 13
  
  hoakley on November 6, 2020 at 11:57 pm
  
  Excellent!
  Howard.
  
  LikeLike
14

Tux on November 7, 2020 at 4:03 pm

Setting a custom login screens broke again!

LikeLiked by 1 person