Security Update 2020-006 for Mojave & High Sierra + Safari 14.0.1

Security Updates 2020-006 for macOS Mojave 10.14 (18G6042), High Sierra 10.13 (17G14042) & Safari 14.0.1 are now Available.

With the release of macOS Big Sur, Apple also released Security Updates for both macOS Mojave and High Sierra. Catalina was issued a 10.15.7 Supplemental Update to address the same security issues in 2020-006.

NOTE: Apologies for the tardiness of this article, Big Sur and Apple Silicon really took my attention away. I didn’t forget about everyone who asked me when my Security Update article would come out. I will always test the update out first so you don’t have to deal with issues.

You can read more about the 10.15.7 Supplemental update below.

mrmacintosh.com/catalina-10-15-7-supplemental-update-19h15-released/

The 2020-006 Security Update will also be macOS High Sierra’s final update. Mojave will take its place as the 3rd supported version.

Safari 14.0.1 for Mojave and High Sierra was also released. It has some issues that you can read about below.

Previous issues with the 2020-005 Security Updates on Mojave

The 2020-005 Security Update caused some issues for 2020-005 users. If you are interested in what happened, I wrote about the problems in the articles below.

Apple has just released a new Mojave Supplemental Update to fix all the problems of the previous Safari 14.0 Update.

mrmacintosh.com/10-14-6-supplemental-update-safari-14-released-to-fix-previous-issues/

The Mojave 2020-005 Security Update and the Safari Update have been pulled due to all the problems they are causing!

mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated/

UPDATE 9/26/20 – Some users have reported major problems after installing the update!

Safari 14.0.1 Issues!!!

You should NOT install Safari 14.0.1 if you use Safari to upload or attach anything.

I have tested the install process multiple times. You can safely install the 2020-006 Security update and NOT install the Safari 14.0.1 update and not have the Safari attachment issues.

A simple example of this is using Gmail in Safari. If you update to Safari 14.0.1 you will be unable to attach anything to an email! The only work around right now is to use Chrome or Firefox.

If absolutely need Safari to attach files, you can install Mojave 10.14.6 over the top of your current install. This will retain your data but you will now have Mojave 10.14.6 (18G103). From here you can install the 2020-005 Security Update and the macOS Supplemental Update (Safari 14.0).

Testing the install process after the 2020-005 mess.

After all the problems of the 2020-005 Security Update for Mojave caused, I wanted to make sure everything was ok with 2020-006. I’ve installed both the 2020-006 and Safari 14.0.1 updates and have not found any issues. You can safely install both of them together.

In review, I have tested the following.

• Mojave 10.14.6 (18G103) Base Install
• 1. Install only Safari 14.0.1
• 2. Install only macOS Supplemental Update (Actually Safari 14.0)
• 3. Install both 2020-006 & macOS Supplemental Update (Actually Safari 14.0) & Safari 14.0.1
• The order of install = #1 macOS Supplemental Update #2 Safari 14.0.1 #3 Security Update 2020-005 #4 After Reboot 2020-006

• Mojave 10.14.6 (18G6032) 2020-005
• 1. Install only Safari 14.0.1
• 2. Install only 2020-006
• 3. Install both 2020-006 & Safari 14.0.1
• The order of install = #1 Safari 14.0.1 #2 Security Update 2020-006

Install Process has changed!

With the release of 2020-006, Apple has changed things up. In the past you could have the base version of Mojave, 18G103 for example and the latest security update would show as available and you could update right to it. With 2020-006 you will need to be on 2020-005 first before you can update to 2020-006! This is a huge pain if you have systems that are behind in build versions.

Example.

If you have a fresh build of macOS Mojave 10.14.6 (18G103) and you want to get to 2020-006.

• 1. Install Security Update 2020-005 first.
• 2. After installing 2020-005, you will now see 2020-006 available for instal in software update.

Hopefully this is a one time thing, and when 2020-007 comes out or 2021-001 it will be a complete installer that brings you up-to-date.

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions like the latest Mojave 2020-006 High Sierra 2020-006 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-006 (18G6042)

• macOS Mojave Security Update 2020-006
• Size = 1.22 GB
• Product ID = 001-72538
• Package Download and Information Link
• https://support.apple.com/kb/DL2062

Information on the Security fixes included in the 2020-006 Mojave Security Update

• https://support.apple.com/en-us/HT211946

MacOS High Sierra Security Update 2020-006 (17G14042)

• 10.13.6 High Sierra Security Update 2020-006
• Size = 1.22 GB
• Package Download and Information Link
• https://support.apple.com/kb/DL2059

Information on the Security fixes included in the 2020-006 High Sierra Security Update

• https://support.apple.com/en-us/HT211946

Safari Update

Safari was Updated to 14.0.1 and is available as a separate install for Mojave.

Downloads Size for Mojave – 69.1MB

High Sierra will end with Safari Version 13.1.2

T2 BridgeOS Update

The 2020-006 Security Update for Mojave and High Sierra upgrade BridgeOS remains the same = 17.16.16610.0.0

17.16.16610.0.0

• 3. Previous Version 2020-005 = 17.16.16610.0.0
• 2. Previous Version 2020-004 = 17.16.16065
• 1. Previous version 2020-003 = 17.16.15290

Previous Security Update Releases

• 12. Security Updates 11/12/20 10.14.6 Mojave (18G6042) & 10.13 (2020-005)
• 11. Security Updates 09/24/20 10.14.6 Mojave (18G6032) & 10.13 (2020-005)
• 10. Security Updates 07/15/20 10.14.6 Mojave (18G6020) & 10.13 (2020-004)
• 9. Security Updates 05/26/20 10.14.6 Mojave (18G5033) & 10.13 (2020-003)
• 8. Security Updates 03/24/20 10.14.6 Mojave (18G4032) & 10.13 (2020-002)
• 7. Security Updates 01/28/20 10.14.6 Mojave (18G3020) & 10.13 (2020-001)
• 6. Security Updates 12/10/19 10.14.6 Mojave (2019-002) & 10.13 (2019-007)
• 5. Security Updates 10/31/19 10.14.6 Mojave (2019-001) & 10.13 (2019-006)
• 4. Security Updates 9/26/19 10.14.6 Mojave (18G103) 10.13 & 10.12 (2019-005)
• 3. Security Updates 7/22/19 10.14.6 Mojave (18G84) 10.13 & 10.12 (2019-004)
• 2. Security Updates 5/13/19 10.14.5 Mojave (18F132) 10.13. & 10.12 (2019-003)
• 1. Security Updates 3/25/19 10.14.4 Mojave (18E226) 10.13 & 10.12 (2019-002)

Security Related Content for 2020-006

support.apple.com/en-us/HT211849

This security update has only 4 “Public” fixes. (some fixes are released later)

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab

Mail

Available for: macOS High Sierra 10.13.6

Impact: A remote attacker may be able to unexpectedly alter application state

Description: This issue was addressed with improved checks.

CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences

Model I/O

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15

The post Security Update 2020-006 for Mojave & High Sierra + Safari 14.0.1 appeared first on Mr. Macintosh.