Security Update 2020-001 (Mojave and High Sierra)
Apple has released Security Update 2020-001 for macOS 10.14 Mojave and 10.13 High Sierra, patching a variety of security vulnerabilities in the older operating systems. The updates address several kernel-related issues that could allow malicious applications to execute arbitrary code with system privileges or read restricted memory, eliminate a memory corruption issue related to image processing that could allow a maliciously crafted JPEG to execute arbitrary code, patch a memory leak in the CoreBluetooth framework, and improve access restrictions to prevent malicious applications from overwriting arbitrary files. (Free. For 10.14 Mojave, 1.62 GB; for 10.13 High Sierra, 1.92 GB; security content release notes)
Just tried to install 2020-001. Had problems on High Sierra 10.13.6.
Caveat: I have two Macs running 10.13.6. Rather than waste download bandwidth, I went to https://support.apple.com/downloads/macos and downloaded the DMG from there. It’s possible that doing it that way rather than via the App Store interface explains the observed behaviour.
I ran the installer. It seemed to follow the now-usual path of a bit of work while macOS was still running, then wanted to restart, then sat there, thinking, with the progress bar alternating between doing not much or suddenly jumping about like a three-legged dog.
Then the screen went grey and painted slowly from the top, and I wound up in recovery mode. I’ve seen this before and it’s never a good sign. The last time I saw it (also on a High Sierra security update) it required a trip to the terminal to delete some .csstore files.
This time I was able to get away with just doing a First Aid run on my boot volume (probably not strictly necessary since it reported nothing wrong) followed by quitting the utilities, explicitly setting the startup volume (an external SSD) in case that had somehow become unstuck, and then letting the Mac restart.
It seemed to come back OK but it still thinks the Security Update 2020-001 needs to be installed (which it doesn’t think about the Safari update done at the same time).
Although the misbehaviour was not identical to the last time this happened, I went looking to see how many of the potentially problematic .csstore files were on the system and the answer was 14. Whether that means anything is something I don’t know.
I’m going to give it another whirl (this time from the App Store interface) to see if the problem recurs and, if so, whether the same cure works:
This is best done in Terminal launched from recovery mode (reboot with Command+R held down).
Update. The above was on a MacMini. The other High Sierra machine is a MacBookPro. On that I did the update via the App Store interface and it worked first time (without needing to delete any .csstore files).
I’ll get around to re-trying the update on the MacMini via the App Store interface to see if it makes a difference.
Finally got the time to re-do this update via the App Store. Worked without incident.
No idea why downloading the DMG didn’t work.
Thanks for the update—it’s interesting, since I think this is the first time I’ve heard of someone having more trouble with the download than with the App Store version. But it’s always worth trying the other if one doesn’t work.
Join the discussion in the TidBITS Discourse forum