Security Update 2020-003 (Mojave and High Sierra)

Originally published at: https://tidbits.com/watchlist/security-update-2020-003-mojave-and-high-sierra-2/

Patches security vulnerabilities in Apple’s last two operating systems. (Free, various sizes)

In Mojave, it also turns off softwareupdate --ignore. You can no longer hide individual updates (major or minor) when running Mojave. Your only option to avoid being hounded by notices for Catalina (or 10.16 when it comes out) is to turn off “check for updates” for everything, which means you won’t be notified of any future Mojave security updates either.

Is this really true? Are they actually strong arming their users to expose themselves to Apple’s marketing? Against the users’ deliberate and explicit declaration of opt out? Really?

I’m in a situation in which I don’t want Apple deciding when I upgrade or hounding me to do it. I’ve turned off automatic updates and can turn off check for updates. Sites like TidBITS let me know about the important packages.

At least on Catalina turning off automatically check for updates does not remove the badge. Does it on Mojave?

I just encountered the nagging Catalina update issue and posted comment on another thread. The Terminal command to ignore Catalina now responds with:
" Ignoring software updates is deprecated. The ability to ignore individual updates will be removed in a future release of macOS."

In fact that should read “has been removed in the latest update”!

TidBITS doesn’t normally notify us of the background Security and database updates that include such things as XProtect, MRT and Gateway updates, so you may have to watch elsewhere if you turn those off and have a method to manually update those.

I guess I’m on enough Mac sites that mention those updates that I didn’t recognize TidBITS wasn’t one of them. I do see notes about them. I also run SilentKnight periodically (along with Onyx and some other maintenance apps); that picks up lagging versions of such updates.

Aren’t those managed by the “Install system data files and security updates” checkbox?

Yes, but you must also have “Check for updates” enabled for that to work. Steve mentioned that he “can turn that off.”

You’re right, look at that. I’ve never turned that off, but the presence of the horizontal line separating the last option from the others suggested to me that it was independent. That’s bad UI—if the first checkbox controls the others, they should be indented under it.

I’ve set the preference exactly that way, but XProtect and MRT are never downloaded automatically. Here is what I see in Install.log:

2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: startDownloadingPackagesWithIdentifiers: (
“com.apple.pkg.MRTConfigData_10_14.16U4110”
)
2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: startDownloadingPackagesWithIdentifiers: (
“com.apple.pkg.XProtectPlistConfigData_10_14.16U4111”
)
2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: ContentLocator: Looking up content locator for original URL: http://swcdn.apple.com/content/downloads/17/41/001-09568-A_SRAT5WXGOE/vffzshb0cynjiv06qmx5v8cf4u8bqhga6l/MRTConfigData_10_14.pkg
2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: ContentLocator: Looking up content locator for original URL: http://swcdn.apple.com/content/downloads/29/46/001-09569-A_FULD3PRVML/3bxzq6x0wocp7gknok09wrsxi0bonqpdy3/XProtectPlistConfigData_10_14.pkg
2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: ContentLocator: No modified URL found
2020-05-29 10:31:54+09 119-228-78-249f1 softwareupdate_download_service[1273]: ContentLocator: No modified URL found

Somehow the download fails to find the file to download.
27-inch iMac 5K 2017, High Sierra 10.13.6.

I use SilentKnight, which successfully download the latest version of XProtect and MRT.

Sorry to change the subject, folks; this is an good conversation. But…

I now have a machine that downloaded this update and a Safari update; then was shut down without clicking Restart; was started again later; and now shows the Safari update as installed and offers Restart for the security update.

I click Restart, the screen goes black, and there we sit. I force the 2010 Mac Pro to turn off; turn it back on, log in, do as I please, then start AppStore, click Restart, and we are back in the loop.

I have searched for, but do not find, a file (a .dmg perhaps?) that I can download to try to install the security update.

Am I correct there there is no help from AppStore here? (If I click UpdateAll, it offers to restart.)

Oops. HighSierra 10.13.6.

(I have a technical reason for not moving yet to Mojave.)

It seems that Security Update 2020-03 may have resolved a problem created in Security Update 2020-02 with Macs crashing while using hardware accelerated video. I just posted a link in the discussion for that earlier update.

They are posted in the same place they always are: Apple - Support - Downloads.

Thank you, sir.

I called Apple Support. (See below in this message for details.)

After trying all but the last on their list, the suggestion was: Reinstall macOS.

I posting here for three reasons:

  • To report that Apple Support says others have reported the very same symptoms when trying to install this Security Update.
  • To report that Support will not escalate the problem because my 2010 Mac Pro is obsolete.

And to ask: Does anyone have any suggestion, other than reinstall the OS.

I suppose reinstalling from the Recovery partition is, in the following respect, no different that installing a new macOS version: namely, that none of my applications or data will be affected. (And that the re-install will take a long time. (I have a slow DSL line.) )

… details …

The gentleman at Apple Support took me through the drill: try restarting from the Apple menu; try shutting down from the Apple menu; reset SMC; reset NVRAM; boot in Safe Mode; boot Recovery partition >DiskUtility >FirstAid.

Curiously, FirstAid said this: Can’t repair volume because other APFS volumes on its container are mounted. (Yes, they are.)
Amusingly, it offered this: Unmount them, or perform repair while running from another macOS system (such as the Recovery system). (Ha!!)

After the call, I ran FirstAid as a logged in user “using live mode,” and the file system passed all tests.

The command, diskutil apfs list, shows, as usual, four volumes in the system drive APFS container, the system, VM, and two not mounted, Preboot and Recovery.

I’m puzzled by something I’ve seen several times. A security update comes along and gets installed. A few days later I find the same security update is again waiting to be installed. The AppStore shows the latest security update has been installed twice, five days apart.

Huh?

I just saw that in the installation log (that I was reviewing for a comment in a different thread). Several entries were shown at least twice, and there was at least one entry (High Sierra) for an installation that I never made. As you said, “Huh?”