Apple has just released a surprise ‘patch’ update to macOS Big Sur, to bring it to version 11.5.1. Although this apparently brings just one urgent security update, it’s around 2.2 GB for Intel Macs, and over 3.1 GB for M1 Macs.
Availability of this update from Apple’s servers is patchy. My Intel iMac Pro found it immediately, but had to restart the download when its first attempt had almost completed. My M1 Mac mini next to it can’t find the update at all, despite looking repeatedly for it. You may therefore need patience to obtain the update, as well as greater patience installing yet another large update when so little in it has changed. Another possibility is that those Macs which have been updated to run a Monterey beta may not be able to ‘see’ this update.
The security fix is for a vulnerability in IOMobileFrameBuffer which allows an app to execute arbitrary code with kernel privileges, and Apple has had a report that this has been actively exploited. Updating is therefore strongly recommended, as soon as you can. The security release note is here.
If you wish to read more about the nature of the vulnerability, it’s described here in full detail in its iOS version.
I have now had a chance to examine exactly what is in this update. There are no files with changed version or build numbers among the bundled applications (in /System/Applications), nor do any files in the System Library (/System/Library) have changed version or build numbers. The component which Apple refers to in its security note is a private framework, IOMobileFramebuffer.framework, which in Big Sur is built into one of the dyld shared caches in /System/Library/dyld. Those caches are believed to be one of the reasons why Big Sur updates are invariably so huge.
There are no changes in the firmware in T2 Macs, and no change in the iBoot firmware in M1 Macs. The version information for the kernel is also unchanged between 11.5 and 11.5.1.
From what I see, the change made in 11.5.1 is so minimal that its size is a tiny fraction of the size of the update. In other words, almost every byte in the 11.5.1 update is overhead, not the update itself.
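The comparison described above, as an added Python example (not code from the original article): it inventories bundle version and build numbers and, separately, hashes files, then runs both over two constructed snapshots in which only a stand-in cache file differs. The function names and the sample tree are assumptions.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Added illustration: function names and the sample tree are assumptions.
BUNDLE_SUFFIXES = {".app", ".framework", ".kext", ".bundle"}
PLIST_PATHS = ("Contents/Info.plist", "Resources/Info.plist")

def bundle_versions(root):
    """Map bundle path (relative to root) -> (version, build) from Info.plist."""
    root, found = Path(root), {}
    for bundle in (p for p in root.rglob("*") if p.suffix in BUNDLE_SUFFIXES):
        plist = next((bundle / p for p in PLIST_PATHS if (bundle / p).is_file()), None)
        try:
            info = plistlib.loads(plist.read_bytes()) if plist else None
        except (ValueError, ExpatError, OSError):
            info = None  # unreadable plist: skip it rather than abort the scan
        if isinstance(info, dict):
            found[bundle.relative_to(root).as_posix()] = (
                info.get("CFBundleShortVersionString"), info.get("CFBundleVersion"))
    return found

def file_hashes(root):
    """Map file path (relative to root) -> SHA-256, read in 1 MiB chunks."""
    root, hashes = Path(root), {}
    for path in (p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        hashes[path.relative_to(root).as_posix()] = digest.hexdigest()
    return hashes

def changed_keys(before, after):
    """Keys added, removed, or with a different value between two inventories."""
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))

def demo():
    """Two constructed snapshots: identical Info.plist, different stand-in cache."""
    with tempfile.TemporaryDirectory() as old, tempfile.TemporaryDirectory() as new:
        for root, cache in ((old, b"cache before fix"), (new, b"cache after fix")):
            contents = Path(root, "Sample.app", "Contents")
            contents.mkdir(parents=True)
            (contents / "Info.plist").write_bytes(plistlib.dumps(
                {"CFBundleShortVersionString": "1.0", "CFBundleVersion": "100"}))
            Path(root, "sample_cache").write_bytes(cache)
        return (changed_keys(bundle_versions(old), bundle_versions(new)),
                changed_keys(file_hashes(old), file_hashes(new)))
```

On a Mac, run `bundle_versions` over /System/Applications and /System/Library and `file_hashes` over /System/Library/dyld, saving the results before the update so they can be compared afterwards.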
Updated at 0635 UTC 27 July 2021.