macOS Big Sur 11.6 Update (20G165) Patches 2 Serious Exploits!

macOS Big Sur 11.6 Update. Will this be the final OS level fix patch?

macOS Big Sur 11.6 Update (20G165) is now available for all users!

Apple just dropped a new macOS Big Sur 11.6 Update! Let’s jump in and find out what’s new!

UPDATED: 10/01

This article just came across the wire.

Citizen Lab forwarded the artifacts to Apple on Tuesday, September 7. On Monday, September 13, Apple confirmed that the files included a zero-day exploit against iOS and MacOS. They designated the FORCEDENTRY exploit CVE-2021-30860, and describe it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

The 11.6 Update is looking more like an emergency security update!

Apple: NO FULL INSTALLER FOR YOU!

UPDATE: 10/01 Apple listened, and released a full installer of 11.6!

Normally Apple releases a full installer of macOS along with the OTA Delta update. When that did not happen, I thought it was strange right away.

A few of my fellow #MacAdmins sent in Enterprise Support tickets to ask Apple where the 11.6 full installer is.

Apple’s response?

“The macOS Big Sur Update is a security update only and we will not be releasing a full installer.”

WHAT?????

Did Apple forget about the Big Sur 11.5.1 Update?

Please reach out to Apple ASAP and let them know that we need a Full Installer and M1 IPSW restore file of 11.6.

11.6 is an Important Security Update

I’ve created a chart to help you better understand which versions of macOS are patched.

CVE-2021-30860 (CoreGraphics) https://cve.mitre.org/CVE-2021-30860
  • Patched – 11.6 & 2021-005: macOS Big Sur 11.6 & Catalina 2021-005
  • Unknown: macOS Mojave & macOS Monterey

CVE-2021-30858 (WebKit) https://cve.mitre.org/CVE-2021-30858
  • Patched – Safari 14.1.2: Big Sur 11.6, Catalina 14.1.2, Mojave 14.1.2
  • Unknown: macOS Monterey
https://support.apple.com/en-us/HT211896

“This update is recommended for all users and improves the security of macOS.”

As usual, Apple has given only this phrase and nothing else to work with. We’ll need to decrypt this Apple macOS Update phrase.

11.5.2 = macOS Big Sur 11.5.2 includes bug fixes for your Mac.

11.5.1 = macOS Big Sur 11.5.1 provides important security updates and is recommended for all users.

As you can see, 11.5.1 fixed only security issues and included no bug fixes. The 11.5.2 update was just the opposite: it included only bug fixes and no security fixes.

Also note that 11.5.2 was NOT recommended for “all users”.

The 11.6 update is security related and IS recommended for all users.

Apple Security Document = 2 CVE Vulnerabilities

Apple posted a security document that tells us 2 CVEs have been addressed, in CoreGraphics and WebKit.

https://support.apple.com/en-us/HT212804

I just posted a new video on the macOS Big Sur 11.6 Update below.

macOS Big Sur 11.6 Update Summary

  • 0 – New Features
  • 0 – Resolved Issues
  • 2 – Security Fixes