hoakley May 2, 2021 Macs, Technology

Last Week on My Mac: When will macOS updates hurt less?

It’s what we all really wanted. The largest macOS update ever, a good gigabyte bigger than even the Catalina 10.15.1 update, and more than most major releases of Mac OS X, the Big Sur 11.3 update gives us what we’ve all been asking for: it fixes a lot of bugs. The trouble with getting what you want are the unintended consequences.

For a few, the 11.3 update has proved disastrous, with a clean re-install their only hope of salvation. For most of us, its sheer size has at least been compensated for by the relative brevity of updating. But for those who are more cautious and don’t rush to update, it poses a serious problem: buried in its avalanche of fixes and improvements is one to address a serious security vulnerability, which makes updating an urgent need. Choosing to stay on macOS 11.2.3 means that a lot of malware out there can completely bypass your Mac’s primary protection, Gatekeeper.

Patrick Wardle’s detailed explanation of this vulnerability is prefaced by the exhortation: “But first, go update your macOS systems to 11.3”. The only real alternative is to install and use his free BlockBlock. If you fail to update now and don’t use BlockBlock, then the first time your Mac encounters malware exploiting this vulnerability, it will fall victim to it. You’ll be pwned.

Using the popular strategy of waiting a few weeks after each update before installing it yourself now turns into a quandary. Is it better to run the risk of updating now, or that of malware making your Mac a victim?

One solution could be for Apple to start releasing Big Sur updates in two streams: security updates only, and full updates. Although this could help some who only want the former, in practice the inevitable overhead imposed by Big Sur probably wouldn’t help much. In any case, Apple takes pride in the previously high take-up of updates, and if there’s one feature that’s guaranteed to induce users to update, it’s a compelling security fix. Even those who follow the pack by a couple of versions might feel the need is overwhelming.

Our problem is that Big Sur updates are, as I warned, spiralling out of control. In that article, I showed a chart of cumulative sizes of macOS updates for Mojave, Catalina and Big Sur. Here it is updated for 11.3.

The red and yellow regression lines aren’t quite as steep as they were at the time of 11.2.3, but only halfway through the cycle, Big Sur’s updates have already surpassed those of the whole year of Mojave, and are reaching the final releases of Catalina, which was hardly slimline. Apple is now on track to release a total of more than 40 GB of updates to Big Sur for Intel Macs, and 60 GB for M1 Macs – you know, the models which are selling like hot cakes.

At the moment, we’re all rather too familiar with charts like that, from waves of Covid-19. Watching each new update to Big Sur push its lines up the chart is not too different from seeing your local or national Covid case rates rising: you know this is only going to escalate until someone does something about it. So far, there’s no sign of Apple doing anything to reduce overheads such as a complete set of current firmware installers for Intel Macs, and the dyld cache which is freshly provided in every macOS update.

Neither has Apple reinstated its previous longstanding service of providing standalone updaters. These were abandoned the moment that Big Sur was released: if you can’t update a Mac using Software Update, the only option now is to download a full installer app for that version of Big Sur. Instead of a user being able to download a delta update package of perhaps 6.5 GB for 11.3, that means 12.4 GB instead.

Apple’s response is no doubt to refer us to its Content Caching Server. For anyone with more than one Mac that’s now a no-brainer, but Big Sur updates are still hefty, as each M1 Mac has to download around 1 GB direct from Apple’s server rather than any local cache. Updating my four Macs from 11.2.3 to 11.3 required almost 9 GB from Apple – that’s nearly twice the size of the whole Sierra installer. If you want to take the 11.3 update to your elderly parents or a close friend, then bad luck, it can’t be done.

The 11.3 update addresses many of our concerns. It is rich with bug fixes, and has extensive release notes. But it’s now ten months since Apple started providing installers and updaters for Big Sur to large numbers of users, and their pain and grief aren’t going away.

18Comments

Add yours

1

Michele Galvagno on May 2, 2021 at 8:25 am

One important thing I noticed (and that you also mentioned once) is that if your Mac is not the newest (mine is from 2016) and it’s SSD has less than 200gb apparently free, it will start to have all sort of mysterious issues (which Apple advises to solve through a clean reinstall). Now…with the installers size rising you always need that space plus at least as much to perform the install before it gets cancelled from your space which makes me ask loudly to Apple: please stop this sick policy of starting devices with so small drives and stop sucking people dry with storage upgrades! I know I’m not the only one complaining about this but also that this will most probably fall on deaf ears…

Also, while your content caching server is a wonderful option, for those having just 1-2 Macs per household and not enough external drives to store the full installers AND internet stability being somewhat not guaranteed these days with all the increase in online activities, I think the best would be to have more frequent, smaller updates, max 1gb, to feed fixes in a safer way.

In general, while I like BigSur a true lot, my Mac is not the same, even after the macOS reinstall (not clean wipe)… it seems that after 4 years one should just stay where it is… either for disk space or for some other compatibility issues…

LikeLiked by 1 person
- 2
  
  hoakley on May 2, 2021 at 10:23 pm
  
  Thank you.
  Given the 1-2 GB overhead on every minor patch to Big Sur for M1 Macs, multiple minor releases would be even worse, as we saw with 11.2, 11.2.1, 11.2.2 and 11.2.3.
  Apple needs to slim down these updates and make them more efficient for everyone.
  Howard.
  
  LikeLiked by 1 person
3

David Byrum on May 2, 2021 at 1:38 pm

Quote “If you want to take the 11.3 update to your elderly parents or a close friend, then bad luck, it can’t be done.”

Isn’t it possible to use an app like “Install Disk Creator” (https://macdaddy.io/) to make an installer for Big Sur on a flash drive, a portable SSD or a spinning HD? Which could then be taken to install on any number of computers. Or am I missing something?

I certainly agree that the installers have become too big. The 12 + GB Installer for updating my MBP (2020) from Catalina to Big Sur took a touch over 3 hours to download on my 30 Mbps Internet connection in the late evening. When I tried to do it during the day, the predicted time was more than 10 hours.

LikeLiked by 1 person
- 4
  
  hoakley on May 2, 2021 at 1:45 pm
  
  Thank you.
  There is no such thing as an 11.3 updater. Apple doesn’t provide updaters for Big Sur, except through Software Update. Sure, you can put a complete 12 GB 11.3 installer, but that won’t update their System, it will replace it (and doesn’t alway connect correctly to their existing Data volume either). They can do the same thing in Recovery Mode, too – a full 12 GB download to replace not update their current System.
  But there’s no updater. Which is precisely what I have written.
  Howard.
  
  LikeLike
5

EcleX on May 2, 2021 at 3:39 pm

Thanks. You said: “Choosing to stay on macOS 11.2.3 means that a lot of malware out there can completely bypass your Mac’s primary protection, Gatekeeper”.

I thought that SilentKnight fixes that, updating macOS to prevent malware… Is that correct?

LikeLiked by 1 person
- 6
  
  hoakley on May 2, 2021 at 3:43 pm
  
  No. The only way to fix this for macOS 11.2.3 and earlier is to update macOS to 11.3. This is because there’s a bug in the macOS security system which provides malware developers a way to completely bypass Gatekeeper. No matter how up to date your security files are, it’s the system which needs to be updated to fix this bug.
  Howard.
  
  LikeLike
  - 7
    
    EcleX on May 2, 2021 at 3:58 pm
    
    Thanks. Or installing BlockBlock, as you said above. Right?
    
    LikeLiked by 1 person
    - 8
      
      hoakley on May 2, 2021 at 10:26 pm
      
      Yes, according to Patrick Wardle, BlockBlock will detect malware trying to bypass Gatekeeper.
      Howard.
      
      LikeLike
- 9
  
  Derek on May 3, 2021 at 12:42 am
  
  Am I right that the security hole is macOS 11.2.3 won’t warn you in a dialogue box that you are opening a downloaded file? But you still need to have downloaded the file from a dubious source and double click it first before being hit. I plan to wait another week or so before updating to 11.3 but will be extra careful downloading files, hope I understand the risk correctly.
  
  LikeLiked by 1 person
10

Joe R on May 2, 2021 at 3:51 pm

I am still using Mojave and I am as happy as a hog in a pile of sh*t.

LikeLiked by 1 person
11

Joey Jay on May 2, 2021 at 4:22 pm

If one wants to update one’s elderly parents to macOS 11.3, one can either just run Software Update on their machine or one can go over there with an 11.3 installer and put a fresh OS on their computer followed by a Migration Assistant to transfer their data and settings back from their Time Machine backup. If they don’t have enough disk space, don’t have a backup, have Internet that is too slow, or have a machine that won’t run 11.3, then you have bigger problems that need fixing first.

LikeLiked by 1 person
- 12
  
  hoakley on May 2, 2021 at 10:34 pm
  
  Thank you.
  I think you may be overlooking the huge number of Mac users who don’t enjoy urban high-speed Internet connections. The 11.3 update typically takes 3-4 hours to download here, and many have complained that server and other problems have forced them to have to make several attempts before they finally got an update to work.
  This is really simple stuff: prior to 11, Apple had a system which worked well for almost every user, including those with the problem of updating multiple VMs, and Macs which spend much of their time disconnected from the Internet. All Apple had to do was to maintain that service, including making standalone installers available for download. But it chose not to, and many users are affected by that, even if you don’t care about it or them.
  Howard.
  
  LikeLike
  - 13
    
    Joey Jay on May 3, 2021 at 3:16 pm
    
    Thank you for the reminder that not all of us have newer machines, reliable Internet, routine backups, and ample free disk space. However, anyone choosing to go deep-sea fishing in uncharted waters best be minimally equipped. An almost completely re-written operating system with a massive update on a new processor is a rare historical moment in computing technology, and best explored by the more experienced among us. I don’t think it makes much sense to encourage those with horses to try out the Autobahn.
    
    LikeLiked by 1 person
    - 14
      
      hoakley on May 3, 2021 at 3:42 pm
      
      If you think that macOS has been “almost completely re-written” you should read the open source components! When do you think that happened? Just curious, as there’s a whole load of really ancient code still in 11.3, and plenty of bugs going back before Mojave.
      As to M1 Macs being “best explored by the more experienced among us”, I’ll let you explain that one to Apple. I always thought that it aimed its products at the rest of us, not some self-appointed gig elite.
      Howard.
      
      LikeLiked by 1 person
15

Milo on May 3, 2021 at 10:28 am

I agree, that Apple should tackle this problem. Not everyone is lucky enough to have unmetered and reasonably fast Internet at home. Personally I’m annoyed enough by the monthly updates that I started to stay one macOS release behind the current release. I’m still on Catalina and will be upgrading to Big Sur probably in a month or two. The security updates on Catalina have been of reasonable size. Although that might change with Big Sur of course.

LikeLiked by 1 person
16

Michael Tsai - Blog - macOS 11.3 on May 3, 2021 at 4:02 pm

[…] Howard Oakley: […]

LikeLike
17

Tim on May 3, 2021 at 5:06 pm

It’s curious that M1 updates are so much bigger than x86 updates. In my experience, individual M1 executables are slightly *smaller* than the corresponding x86 ones. I wonder where all the extra mass is coming from?

LikeLiked by 1 person
- 18
  
  hoakley on May 3, 2021 at 5:11 pm
  
  Thank you.
  Both Intel and Apple Silicon updates are delivered as Universal binaries, so the update content itself is identical. Single-architecture Apple Silicon software is currently extremely rare on macOS: the only common example is, of course, Rosetta 2. The reason that M1 updates are invariably larger than Intel ones appears to be down to their overhead, in particular the dyld caches which every Big Sur update seems to come equipped with, and their firmware.
  If you use the Content Caching Server, you’ll no doubt have noticed that M1s have to download the first 1 GB of every update direct from Apple’s servers, while Intel Macs can obtain the whole update from the local server.
  Howard.
  
  LikeLike