Apple has pulled Safari 14.1 update for Mojave and Catalina (updated)

Included in the macOS updates this week was Safari version 14.1 for Mojave and Catalina (this was also included within Big Sur 11.3 update). Apple has pulled those Safari updates today, apparently because on those two versions of macOS the update breaks WebAuthN.

If you have already updated Safari to version 14.1, and are running Mojave or Catalina, Mr Macintosh says that reinstalling macOS 10.14.6 or 10.15.7 over your current macOS, then applying security updates should roll Safari back to version 14.0.3 without wiping current user data.

If you haven’t yet updated Safari to 14.1, then you should avoid doing so until Apple has fixed this problem [see update below]. If you’re running Big Sur, then this shouldn’t apply to you, as it’s not thought that the bug affects 11.3, although that isn’t yet confirmed. We could be in for an update to 11.3.1 in the not too distant future. [We got it, but for other reasons, apparently.]

Update 0530 UTC 5 May 2021

Apple has now released updated versions of Safari 14.1 for Mojave and Catalina, which address the two serious vulnerabilities which have just been fixed in Safari for Big Sur, and apparently address the bugs in the previous update. Full details are here.

Following update, the build number of Safari (and all its component frameworks, etc.) should be 14611. on Mojave, and 15611. on Catalina. I strongly advise anyone still running those two versions of macOS to update as soon as they can, and confirm the build number is correct.

Those running Big Sur should of course already have updated to 11.3.1, which brings its own WebKit and Safari update to address the two serious vulnerabilities. Don’t delay installing this update, as Apple believes that both of these vulnerabilities are already being actively exploited.

Thanks to Justin for drawing my attention to this.