As we warned in “Security Update 2020-005 (Mojave and High Sierra),” (28 September 2020), users of macOS 10.14 Mojave who installed Security Update 2020-005 experienced numerous problems, as well-documented by Mr. Macintosh. Issues included large increases in memory usage, slow boots, overall system slowness, the inability to create new users, and more. Further discussion suggested that the problems might have been related to installing Safari 14.0 (released the previous week) before Security Update 2020-005.
On 30 September 2020, Apple pulled the updates for both Safari 14.0 and Security Update 2020-005. Then, late in the day on 1 October 2020, the company released macOS Mojave 10.14.6 Supplemental Update that, in fact, installs only a fixed version of Safari 14.0 and requires a restart. Apple also re-released Security Update 2020-005 with no changes.
Coverage from Mr. Macintosh suggests that the supplemental update fixes all the previous problems.
Precisely what you’ll see in Software Update depends on what you have already installed. Regardless, the practical upshot is that installing Security Update 2020-005 (if available) and macOS Mojave 10.14.6 Supplemental Update will give you both the updated Safari 14.0 and security update code. If you previously installed Safari 14.0, with or without Security Update 2020-005, we recommend installing this supplemental update immediately.
However, if you want to stay on an earlier version of Safari for some reason, you should be able to install Security Update 2020-005. Just don’t install the supplemental update, which will give you Safari 14.0.
We suspect that the new version of Safari 14.0 installed by the supplemental update addresses only the bugs that triggered problems once Security Update 2020-005 was installed. Quite a few people have reported separate troubles with Safari 14.0, and we’re guessing that Safari 14.0.1, now in beta testing, will address those.
Although Apple responded fairly quickly, it’s still a black eye for the company to ship a security update that caused such problems. In Apple’s defense, the situation was unusual, with the problems originating with the separate Safari 14.0 update and being revealed only after the user installed Security Update 2020-005. Nevertheless, we hope Apple is investigating how such major issues slipped through internal testing.
When we write about Apple’s operating system updates, we always try to offer advice about when to install. It’s now clear that we’ll need to make such recommendations for Safari and security updates in the future as well. The specifics may vary with the severity of the fixed vulnerabilities, but in general, we currently suggest that you should wait at least a week before installing updates like these.