Security Update 2020-005 for Mojave 10.14 & High Sierra 10.13 Released!

Security Updates 2020-005 for macOS Mojave 10.14 (18G6032) & High Sierra 10.13 (17G14033) are now Available.

UPDATE 10/02/20 – Apple has just released a new Mojave Supplemental Update to fix all the problems of the previous Safari 14.0 Update.

mrmacintosh.com/10-14-6-supplemental-update-safari-14-released-to-fix-previous-issues/

UPDATE 10/01/20 – The Mojave 2020-005 Security Update and the Safari Update have been pulled due to all the problems they are causing!

mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated/

UPDATE 9/26/20 – Some users have reported major problems after installing the update!

Today, Apple released macOS Security Update 2020-005 for High Sierra and Mojave. The 2020-005 security update will most likely will be the end of the line for macOS High Sierra. After macOS Big Sur is released, Apple will no longer support High Sierra.

Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links.

The 2020-005 Update fixes & reverts the 2020-003 changes made to the –ignore flag. After installing the update, you can now ignore major upgrades again.

UPDATE 9/24/20 – The 2020-004 update was said to fix this but it actually did not work properly. If you had a UAMDM (User Approved Mobile Device Management) Enrolled Mac the --ignore option did NOT work. The 2020-005 update fixed this and now works properly. Big hat tip to @pcrandom for doing a ton of testing. He was able to confirm that this issue was fixed.

After installing 2020-004 on 10.14 & 10.13 you can once again block major upgrades (Catalina). I mentioned this change in my Catalina 10.15.6 Patch Notes Article.

NOTE: This change is ONLY for UAMDM (User Approved Mobile Device Management) and Supervised Macs. If your Mac is not Supervised or part of an UAMDM you will not be able to ignore major updates.

In macOS Big Sur softwareupdate --ignore is deprecated and no longer works. You will only be able to block minor and major updates for 90 days using MDM. Please file feedback NOW, if you need the ability to block minor & major updates in macOS Big Sur! Thanks for the clarification @mboylan!

I previously wrote about the situation here – mrmacintosh.com/10-15-5-2020-003-updates-changes-to-softwareupdate-ignore/

You can read up more on what happened below.

babodee.wordpress.com/2020/04/16/apple-plans-on-removing-enterprise-options-for-macos-software-update/

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions like the latest Mojave 2020-005 High Sierra 2020-005 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-005 (18G6032)

• macOS Mojave Security Update 2020-005
• Size = 1.69 GB
• Package Download and Information Link
• support.apple.com/kb/DL2054

Information on the Security fixes included in the 2020-005 Mojave Security Update

• support.apple.com/en-us/HT211849

MacOS High Sierra Security Update 2020-005 (17G14033)

• 10.13.6 High Sierra Security Update 2020-005
• Size = 2.12 GB
• Package Download and Information Link
• support.apple.com/kb/DL2053

Information on the Security fixes included in the 2020-005 High Sierra Security Update

• support.apple.com/en-us/HT211849

Safari Update

Safari was NOT updated

Download Size for High Sierra

Downloads Size for Mojave

T2 BridgeOS Update

The 2020-005 Security Update for Mojave and High Sierra upgrade BridgeOS to version – 17.16.16610.0.0

• 2. Previous Version 2020-004 = 17.16.16065
• 1. Previous version 2020-003 = 17.16.15290

Previous Security Update Releases

• 11. Security Updates 09/24/20 10.14.6 Mojave (18G6032) & 10.13 (2020-0050
• 10. Security Updates 07/15/20 10.14.6 Mojave (18G6020) & 10.13 (2020-004)
• 9. Security Updates 05/26/20 10.14.6 Mojave (18G5033) & 10.13 (2020-003)
• 8. Security Updates 03/24/20 10.14.6 Mojave (18G4032) & 10.13 (2020-002)
• 7. Security Updates 01/28/20 10.14.6 Mojave (18G3020) & 10.13 (2020-001)
• 6. Security Updates 12/10/19 10.14.6 Mojave (2019-002) & 10.13 (2019-007)
• 5. Security Updates 10/31/19 10.14.6 Mojave (2019-001) & 10.13 (2019-006)
• 4. Security Updates 9/26/19 10.14.6 Mojave (18G103) 10.13 & 10.12 (2019-005)
• 3. Security Updates 7/22/19 10.14.6 Mojave (18G84) 10.13 & 10.12 (2019-004)
• 2. Security Updates 5/13/19 10.14.5 Mojave (18F132) 10.13. & 10.12 (2019-003)
• 1. Security Updates 3/25/19 10.14.4 Mojave (18E226) 10.13 & 10.12 (2019-002)

Security Related Content for 2020-004

support.apple.com/en-us/HT211849

This security update has only 4 “Public” fixes. (some fixes are released later)

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab

Mail

Available for: macOS High Sierra 10.13.6

Impact: A remote attacker may be able to unexpectedly alter application state

Description: This issue was addressed with improved checks.

CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences

Model I/O

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9973: Aleksandar Nikolic of Cisco Talos

Sandbox

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester(@xpn) of TrustedSec

Security Updates 2020-005 Mojave