Apple released 11.6 and macOS Catalina Security Update 2021-005 today.

AJPinto
Contributor III

mschroder
Valued Contributor

And again no mail on the security announce list? What's up with Apple? So thanks for the hint, @AJPinto!

I only noticed this when smart groups started updating. JAMF's patch management still shows 11.5.2 as current, as does the App Store. Apple is getting sloppy(er than usual).

kevin5495
New Contributor III

There doesn't seem to be a standalone installer. I've only had success through System Preferences/Software Update, and that's been flaky, maybe due to traffic. Softwareupdate CL doesn't want to download -d, or install -i.

I got it using sudo softwareupdate -aiR (install all reboot) yesterday.

mm2270
Legendary Contributor II

The MacRumors article doesn't mention it, but the 11.6 and Catalina 2021-005 Security Updates supposedly address a zero day that may be actively being exploited (at least on Big Sur), so it's highly recommended you get all your Macs up to date as soon as possible. We're doing an emergency push to all our Macs starting this evening.

https://support.apple.com/en-us/HT212804

https://support.apple.com/en-us/HT212805

 

AJPinto
Contributor III

My gut had a feeling this was a 0 day. I have told our security teams and will see what they want us to do. Wasn't 11.5.2 also a 0 day?

VintageMacGuy
New Contributor III

From what I have read (and it is only a few pieces of info) the attack vector is through Messages.app. A quick "patch" may be to add Messages.app to the restricted software list until they upgrade to 11.6.

We already restrict iMessage and do not allow the use of Apple IDs. I find it a bit strange they did not just roll this into 11.5.3 or something to get it out faster and less impactful. They could have updated iMessage without rebooting the Macs with a much smaller update like they do with Safari.