Security Updates 2020-006 for macOS Mojave 10.14 (18G6042), High Sierra 10.13 (17G14042) & Safari 14.0.1 are now Available.
With the release of macOS Big Sur, Apple also released Security Updates for both macOS Mojave and High Sierra. Catalina was issued a 10.15.7 Supplemental Update to address the same security issues in 2020-006.
NOTE: Apologies for the tardiness of this article, Big Sur and Apple Silicon really took my attention away. I didn’t forget about everyone who asked me when my Security Update article would come out. I will always test the update out first so you don’t have to deal with issues.
You can read more about the 10.15.7 Supplemental update below.
mrmacintosh.com/catalina-10-15-7-supplemental-update-19h15-released/
The 2020-006 Security Update will also be macOS High Sierra’s final update. Mojave will take its place as the 3rd supported version.
Safari 14.0.1 for Mojave and High Sierra was also released. It has some issues that you can read about below.
Previous issues with the 2020-005 Security Updates on Mojave
The 2020-005 Security Update caused some issues for 2020-005 users. If you are interested in what happened, I wrote about the problems in the articles below.
Apple has just released a new Mojave Supplemental Update to fix all the problems of the previous Safari 14.0 Update.
mrmacintosh.com/10-14-6-supplemental-update-safari-14-released-to-fix-previous-issues/
The Mojave 2020-005 Security Update and the Safari Update have been pulled due to all the problems they are causing!
mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated/
UPDATE 9/26/20 – Some users have reported major problems after installing the update!
Safari 14.0.1 Issues!!!
You should NOT install Safari 14.0.1 if you use Safari to upload or attach anything.
I have tested the install process multiple times. You can safely install the 2020-006 Security update and NOT install the Safari 14.0.1 update and not have the Safari attachment issues.
A simple example of this is using Gmail in Safari. If you update to Safari 14.0.1 you will be unable to attach anything to an email! The only work around right now is to use Chrome or Firefox.
If absolutely need Safari to attach files, you can install Mojave 10.14.6 over the top of your current install. This will retain your data but you will now have Mojave 10.14.6 (18G103). From here you can install the 2020-005 Security Update and the macOS Supplemental Update (Safari 14.0).
Testing the install process after the 2020-005 mess.
After all the problems of the 2020-005 Security Update for Mojave caused, I wanted to make sure everything was ok with 2020-006. I’ve installed both the 2020-006 and Safari 14.0.1 updates and have not found any issues. You can safely install both of them together.
In review, I have tested the following.
- Mojave 10.14.6 (18G103) Base Install
- 1. Install only Safari 14.0.1
- 2. Install only macOS Supplemental Update (Actually Safari 14.0)
- 3. Install both 2020-006 & macOS Supplemental Update (Actually Safari 14.0) & Safari 14.0.1
- The order of install = #1 macOS Supplemental Update #2 Safari 14.0.1 #3 Security Update 2020-005 #4 After Reboot 2020-006
- Mojave 10.14.6 (18G6032) 2020-005
- 1. Install only Safari 14.0.1
- 2. Install only 2020-006
- 3. Install both 2020-006 & Safari 14.0.1
- The order of install = #1 Safari 14.0.1 #2 Security Update 2020-006
Install Process has changed!
With the release of 2020-006, Apple has changed things up. In the past you could have the base version of Mojave, 18G103 for example and the latest security update would show as available and you could update right to it. With 2020-006 you will need to be on 2020-005 first before you can update to 2020-006! This is a huge pain if you have systems that are behind in build versions.
Example.
If you have a fresh build of macOS Mojave 10.14.6 (18G103) and you want to get to 2020-006.
- 1. Install Security Update 2020-005 first.
- 2. After installing 2020-005, you will now see 2020-006 available for instal in software update.
Hopefully this is a one time thing, and when 2020-007 comes out or 2021-001 it will be a complete installer that brings you up-to-date.
How do I keep track of all the macOS Build Versions?
I document all of the macOS Build Versions like the latest Mojave 2020-006 High Sierra 2020-006 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.
mrmacintosh.com/macos-system-status-version-info-for-macadmins/
MacOS Mojave Security Update 2020-006 (18G6042)
- macOS Mojave Security Update 2020-006
- Size = 1.22 GB
- Product ID = 001-72538
- Package Download and Information Link
- https://support.apple.com/kb/DL2062
Information on the Security fixes included in the 2020-006 Mojave Security Update
MacOS High Sierra Security Update 2020-006 (17G14042)
- 10.13.6 High Sierra Security Update 2020-006
- Size = 1.22 GB
- Package Download and Information Link
- https://support.apple.com/kb/DL2059
Information on the Security fixes included in the 2020-006 High Sierra Security Update
Safari Update
Safari was Updated to 14.0.1 and is available as a separate install for Mojave.
Downloads Size for Mojave – 69.1MB
High Sierra will end with Safari Version 13.1.2
T2 BridgeOS Update
The 2020-006 Security Update for Mojave and High Sierra upgrade BridgeOS remains the same = 17.16.16610.0.0
17.16.16610.0.0
- 3. Previous Version 2020-005 = 17.16.16610.0.0
- 2. Previous Version 2020-004 = 17.16.16065
- 1. Previous version 2020-003 = 17.16.15290
Previous Security Update Releases
- 12. Security Updates 11/12/20 10.14.6 Mojave (18G6042) & 10.13 (2020-005)
- 11. Security Updates 09/24/20 10.14.6 Mojave (18G6032) & 10.13 (2020-005)
- 10. Security Updates 07/15/20 10.14.6 Mojave (18G6020) & 10.13 (2020-004)
- 9. Security Updates 05/26/20 10.14.6 Mojave (18G5033) & 10.13 (2020-003)
- 8. Security Updates 03/24/20 10.14.6 Mojave (18G4032) & 10.13 (2020-002)
- 7. Security Updates 01/28/20 10.14.6 Mojave (18G3020) & 10.13 (2020-001)
- 6. Security Updates 12/10/19 10.14.6 Mojave (2019-002) & 10.13 (2019-007)
- 5. Security Updates 10/31/19 10.14.6 Mojave (2019-001) & 10.13 (2019-006)
- 4. Security Updates 9/26/19 10.14.6 Mojave (18G103) 10.13 & 10.12 (2019-005)
- 3. Security Updates 7/22/19 10.14.6 Mojave (18G84) 10.13 & 10.12 (2019-004)
- 2. Security Updates 5/13/19 10.14.5 Mojave (18F132) 10.13. & 10.12 (2019-003)
- 1. Security Updates 3/25/19 10.14.4 Mojave (18E226) 10.13 & 10.12 (2019-002)
Security Related Content for 2020-006
support.apple.com/en-us/HT211849
This security update has only 4 “Public” fixes. (some fixes are released later)
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab
Available for: macOS High Sierra 10.13.6
Impact: A remote attacker may be able to unexpectedly alter application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Model I/O
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15
Any reason not to update the security update 2020-007? I know Safari is having issues (and 2 different versions show in software update)?
I’d hoped we’d have seen an article about the latest Security Update by now…but it does appear we Mojave users are being left in the dust for stories on Big Sur and M1s. Shame…there are many Mojave users still.
Just a quick on for those still on High Sierra.
I am on 10.13.6 High Sierra and behind on 2 security updates, – 17G14033 (2020-005) and 17G4042 (2020-006).
In the past if I missed an update, the next security install would be listed i.e., i’d see 2020-006 and not 2020-005.
In the note above, it seems that I will not see 2020-006 until i install 2020-005, in other words, the 2020-006 will not incorporate the security update for the previous one?
As mentioned in the past, i’d get the next install, but now i’m cueing up security updates?
This is not a critical issue, but would like a response if possible!!
Thanks!
Bill Girolamo
Thank you. For those of us on Mojave, how strange (for those still holding at Safari 14.0) that we see BOTH Safari 14.0.1 AND 14.0.2 listed? I do not ever remember one Safari version being required to install a newer one?
Depending on your requirements, you may be able to use drag-and-drop to work around the Mojave/Safari 14.0.1 file attachment bug.
For example, while the Gmail “Attach Files” button is broken in Safari 14.0.1 on Mojave, dragging and dropping files into Gmail’s “compose” area in Safari will successfully attach those files to the email. Other sites that support drag-and-drop are likely to work as well.
I’m a bit surprised (?maybe not) that this hasn’t been addressed. Are there any security updates within the Safari 14.0.1 update that would negate the issues caused by the bug?? I’ve been holding off updating Safari (but all other updates applied 10.14.6) in hopes this would have been addressed.
So now, Safari 14.0.2 has been released along with another security update.
I never installed Safari 14.0.0, but now the new security update shows and BOTH Safari 14.0.1 and Safari 14.0.2 are listed in software update. What a mess..
Unfortunately, the file attachment/upload bug remains in Safari 14.0.2 on Mojave. It’s a bit stunning to me that such a basic, frequently used function remains unfixed.
What’s odd, is that BOTH Safari updates show for me on 3 different MBA’s (I’m still at Safari 14.0.0). Mr. Mac, is this the first issue of one safari update required for the other?
So in console log, I show this for Safari update. Does the (R) mean it’s a revised version?
001-43723(R) | Safari 14.0.1
Since I didn’t install Safari 14.0.1, I don’t know if this is a revised version or not or if it’s still the original
I know because as you’ve mentioned with the release of Big Sur (BS) and the M1 chip you are distracted and will be from here on out. So I would like to get settled as much as I can:
1. Safari 14.0.2 Seed 1 has been out for several days. Did you get it?
2. Are we to install the Updates (005) before or after the Safari updates? You say both ways and the user relayed axiom is 000 updates first then Safari. What if you don’t even use Safari!? But install it to make the SU gods happy and cooperative?
3. What if because I followed you religiously and waited until it was safe and did the installs as you specify and the macOS 10.14.6 (18G103) partition will boot but the progress bar goes to the end and nothing else happens? I’ve let it sit for hours. Still nothing. The boot process will not go any further. I have rebooted to an installer Flash Drive and and Over Installed the OS, that I do a lot to refresh installs. But this time I’m dead in the water until I find a solution. Mostly with Office holding me back as to where I can install.
4. I’m now resurrected on a different partition, although Startup is slow, stalling at the same points every time at 18G103 and now SU is showing:
macOS Supplemental Update 10.14.6 @ 68.9MB
Safari 14.0.1
Safari 14.0.1 Seed 4
Safari 14.0.2 Seed 1
. . . but no 000 updates. I’d like to forget Safari. What does one do? . . .
UPDATE!
I started over and rolled back to 18G103 and install both security updates 005 & 006 and no Safari which is at 12.1.2. The OS is at Build 18G6042. Now I’m being hounded to install the Security Update, Safari 14.0, 14.0.1 Seed and 14.0.2 Seed.
Can I just ignore them with the Terminal Trick? Or just install them and get it out of the way?
I just need to get past the Boot Problem I have now. The drive will not boot on its own, if selecting the Startup Manager the proper drive is selected and all I have to do is to press the Enter key and we’re on our way. I have tried every trick I can find and No Joy. Plus this partition is temporary. I have a better placed install on a faster drive waiting. All I have to is get Office 2011 to install or transfer to it and I’m golden and done forever.
see post above, but still on Safari 14.0 and now BOTH show up as needing installed. So odd.
I installed the security update on 3 MBA’s successfully but will hold off on Safari until a fix is released.
Thank you for testing. It was odd that this Security Update needed the prior in order to be installed. I think even on the page about the update is only said “Mojave” was required.
Regardless, will hold off on Safari. I’m hoping a 14.0.2 will be released so we can see a difference in Software Update.
Tried connecting to Apple after reading your note concerning a security update for Mojave dated 11-30-2020. My Mac Pro 2012 with Mojave 10.14.6 is not discovering any new update. Was it pulled by Apple?