Last Week on My Mac: When will macOS updates hurt less?

It’s what we all really wanted. The largest macOS update ever, a good gigabyte bigger than even the Catalina 10.15.1 update, and more than most major releases of Mac OS X, the Big Sur 11.3 update gives us what we’ve all been asking for: it fixes a lot of bugs. The trouble with getting what you want are the unintended consequences.

For a few, the 11.3 update has proved disastrous, with a clean re-install their only hope of salvation. For most of us, its sheer size has at least been compensated for by the relative brevity of updating. But for those who are more cautious and don’t rush to update, it poses a serious problem: buried in its avalanche of fixes and improvements is one to address a serious security vulnerability, which makes updating an urgent need. Choosing to stay on macOS 11.2.3 means that a lot of malware out there can completely bypass your Mac’s primary protection, Gatekeeper.

Patrick Wardle’s detailed explanation of this vulnerability is prefaced by the exhortation: “But first, go update your macOS systems to 11.3”. The only real alternative is to install and use his free BlockBlock. If you fail to update now and don’t use BlockBlock, then the first time your Mac encounters malware exploiting this vulnerability, it will fall victim to it. You’ll be pwned.

Using the popular strategy of waiting a few weeks after each update before installing it yourself now turns into a quandary. Is it better to run the risk of updating now, or that of malware making your Mac a victim?

One solution could be for Apple to start releasing Big Sur updates in two streams: security updates only, and full updates. Although this could help some who only want the former, in practice the inevitable overhead imposed by Big Sur probably wouldn’t help much. In any case, Apple takes pride in the previously high take-up of updates, and if there’s one feature that’s guaranteed to induce users to update, it’s a compelling security fix. Even those who follow the pack by a couple of versions might feel the need is overwhelming.

Our problem is that Big Sur updates are, as I warned, spiralling out of control. In that article, I showed a chart of cumulative sizes of macOS updates for Mojave, Catalina and Big Sur. Here it is updated for 11.3.

The red and yellow regression lines aren’t quite as steep as they were at the time of 11.2.3, but only halfway through the cycle, Big Sur’s updates have already surpassed those of the whole year of Mojave, and are reaching the final releases of Catalina, which was hardly slimline. Apple is now on track to release a total of more than 40 GB of updates to Big Sur for Intel Macs, and 60 GB for M1 Macs – you know, the models which are selling like hot cakes.

At the moment, we’re all rather too familiar with charts like that, from waves of Covid-19. Watching each new update to Big Sur push its lines up the chart is not too different from seeing your local or national Covid case rates rising: you know this is only going to escalate until someone does something about it. So far, there’s no sign of Apple doing anything to reduce overheads such as a complete set of current firmware installers for Intel Macs, and the dyld cache which is freshly provided in every macOS update.

Neither has Apple reinstated its previous longstanding service of providing standalone updaters. These were abandoned the moment that Big Sur was released: if you can’t update a Mac using Software Update, the only option now is to download a full installer app for that version of Big Sur. Instead of a user being able to download a delta update package of perhaps 6.5 GB for 11.3, that means 12.4 GB instead.

Apple’s response is no doubt to refer us to its Content Caching Server. For anyone with more than one Mac that’s now a no-brainer, but Big Sur updates are still hefty, as each M1 Mac has to download around 1 GB direct from Apple’s server rather than any local cache. Updating my four Macs from 11.2.3 to 11.3 required almost 9 GB from Apple – that’s nearly twice the size of the whole Sierra installer. If you want to take the 11.3 update to your elderly parents or a close friend, then bad luck, it can’t be done.

The 11.3 update addresses many of our concerns. It is rich with bug fixes, and has extensive release notes. But it’s now ten months since Apple started providing installers and updaters for Big Sur to large numbers of users, and their pain and grief aren’t going away.