Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

Security Update 2020-002 (Mojave and High Sierra)

Apple has released Security Update 2020-002 for macOS 10.14 Mojave and 10.13 High Sierra, patching a variety of security vulnerabilities in the older operating systems. The updates address multiple memory corruption issues related to Bluetooth and AppleGraphicsControl that could lead to arbitrary code execution with kernel privileges, patch a “use after free” issue that could allow an application to gain elevated privileges, and improve input sanitization to resolve a Bluetooth validation issue that could enable an application to read restricted memory. (Free. For 10.14 Mojave, 1.63 GB; for 10.13 High Sierra, 2.12 GB; security content release notes)

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Security Update 2020-002 (Mojave and High Sierra)

Notable Replies

  1. I have installed the update and, so far, no issues. I have auto-updates turned off but noticed a security update to Safari happened automatically overnight (as recommended by Tidbits, I have “install system data files and security updates” checked under Software Update/Advanced).

  2. That isn’t the way things should work. The “security update to Safari” was a total upgrade of Safari including security, bug and small feature upgrades. It did not come to because you have “install system data files and security updates” as I verified yesterday using SilentKnight.

    I suspect what happened was that when you were alerted to the Security Update 2020-002 you didn’t notice the “more…” link below that notice that would have expanded to show there was also an additional update of Safari 13.1. When you clicked Update, both were downloaded and installed at the same time, but you would not have noticed the separate Safari update which was accomplished along with the Security Update 2020-002.

  3. The “Install system data files and security updates” setting does other stuff; it’s not related to updates that you’re shown visibly. See

  4. So is this for Safari? I haven’t used Safari since 2005. It is not my choice when it comes to browsers. Firefox and google have been my browsers for over 15 years, so why would I need this security update. Is this the worm in the Apple?

  5. Sorry to hear it! I would suggest that you reinstall Mojave and see if that makes a difference, then try the security update again.

  6. I’m posting here because I believe the peculiarities started after applying Security Update 2020-002. However, I am not certain.

    There are two Macintosh computers, each with three accounts (one admin and two non-admin), and two iOS devices in the house. Each Macintosh computer asked the primary (non-admin) user to authenticate iCloud credentials. (All users on both Macintosh and both iOS devices use the same iCloud account, so they can use the same Calendar and Notes.) After authenticating on the Macs, the iOS devices required authentication. Now, we’re on at least the second round of the Macs requiring authentication. It’s as if each new authentication somehow bumps an old device off a list of approved devices and the cycle continues, with a delay of a day or two between an authentication and a new demand for an authentication on another device. Any ideas what is causing this?

    For what it’s worth, Calendar and Notes seem to update just fine even if the demand to authenticate is ignored.

    Rant mode one.
    Especially frustrating is the authentication procedure. First, the user is asked for the iCloud password. Then, the user is asked for the account password or passcode for the current account. (The user is named and the name is gray in a field above the password field.) Then, and here is the problem, the user is asked for the password used to login to another device. (One time, it asked for the password the user used to use to log into the current device.) Most often, the other device is a Macintosh, and there is no hint as to what account’s password should be entered. We have had both success and failure (at different times, of course) using one user’s password, the other user’s password, or the admin’s password. Perhaps I stumbled onto the best solution when I failed three times to enter a satisfactory password for a Macintosh account and the authentication process asked for an iOS device passcode, so I knew what it wanted. I doubt if anyone can help with this authentication process that essentially has me playing whack-a-mole with password, but please surprise me. Oh, and another thing. It seems like security theater that Apple doesn’t provide a method to turn off password masking. I assume that the time I entered three incorrect passwords, I must have fat-fingered one of them. Of course, I have no way to check, either before or after pressing return.
    Rant mode off.

    Thanks for any suggestions on how to escape from this cycle.

  7. I reinstalled Mojave. Reset PRAM. Reset SMC. Tried Safe Mode. Now at the step of “clean install a new OS on a blank disk” because we all have those sitting around.

    Nobody else having issues with the Mini 8,1? (I’m thinking these things are cursed. Using Bluetooth kicks off the Thunderbolt drive, too.)

  8. Boy, it does sound like something might be going on with the hardware. Perhaps try Apple Diagnostics?

    Reboot with the D key held down (or Option-D for loading Apple Diagnostics over the Internet) and see if it identifies any issues.

  9. I have done diagnostics and found nothing. I also tried creating a fresh install on an external drive and booting from that, and it still happens consistently, with no devices other than mouse and keyboard and monitor hooked up. Apple says it’s almost certainly a hardware problem, but a bunch of people are having similar issues at the same time, so I’m dubious. They also found that reinstalling the previous operating system did not fix the problem. The Apple rep said that to bump it to the engineers I would need to be running Catalina. I am now installing that on an external drive.

  10. I do have to say though, that insisting on installing Catalina is inane and a incredible waste of my time. I am not impressed by apples requirements for bumping up to a real engineer. Nobody will take my crash report unless I am running the latest version of Catalina, which is a little crazy.

  11. The issue started for me (ie this is where I noticed it first) with scrolling in Firefox causing the machine to freeze for some seconds to a minute, and then sometimes to shut down hard. Parts of a browser window (Chrome and Firefox) would flash while scrolling, and some video had problems too.

    2020-03 seems to have fixed the issue for me for an iMac 2015 running Mojave and a MBP 2011 running High Sierra.

    But …

    I’ve just had the first kernel panic I’ve ever had on the iMac which seems to have happened while Chrome was executing. Much too early to say if this is related [once is coincidence, etc].


  12. That happened to me twice in the last month. However, as far as I understand the installation log (About This Mac > Overview > System Report… > Software > Installations), I installed Security Update 2020-002 on March 25, and the problem didn’t start until a couple of weeks ago. Maybe I was just lucky for a while.

    Getting off-topic a bit, why does that installation log say I installed Security Update 2020-002 twice, 14 minutes apart? I certainly don’t recall that. Also, it says I installed High Sierra, which I never did. And finally, is there any way for me to remove some entries, so I have a shorter list? I really don’t care about Microsoft PowerPoint updates from 2017, doubly so since I never use PowerPoint. Thanks for any tips.

Join the discussion in the TidBITS Discourse forum


Avatar for ace Avatar for agen Avatar for shastaphil Avatar for alvarnell Avatar for mpainesyd Avatar for Will_M Avatar for kg.parr Avatar for davez