Apple has just released three important updates: Big Sur 11.6, Catalina Security Update 2021-005, and MRT 1.84.
macOS 11.6 fixes two serious vulnerabilities, one of which is being actively exploited in crafted PDF files, the other being actively exploited in crafted web content. The first of those is also fixed in Catalina Security Update 2021-005. There doesn’t appear to be any Security Update for Mojave, though, suggesting that it has now reached the end of its support.
In addition, a new version of MRT is available, bringing it to 1.84. Apple doesn’t disclose what changes that brings.
The Big Sur 11.6 update is around 2.64 GB for Intel Macs, and just over 3.5 GB for M1 Macs.
Catalina Security Update 2021-005 is 1.45 GB, and a standalone updater for it is now available from here. Apple doesn’t provide any standalone updates for Big Sur, though.
Full details of the security fixes are available here. There’s no information about any changes other than these important security updates, and widespread opinion is that this Big Sur update should be considered a minor security patch, perhaps better numbered as version 11.5.3 rather than a ‘full’ minor update. It’s also possible that, as Big Sur enters its two-year maintenance period, Apple intends to release security updates as 11.6.1 et seq.
Congratulations to Mikey @0xmachos, who has worked out that the PDF vulnerability is most probably the same as the Megalodon/FORCEDENTRY iMessage zero-click exploit, involving a bug in CoreGraphics decoding JBIG2-encoded data in a PDF file.
The version of MRT installed by the 11.6 update is 1.81. To ensure that your Mac has the new update to MRT, once it has completed the macOS update, you should run SilentKnight to download and install MRT 1.84.
Thanks to Pico for passing the link to the standalone Catalina updater.