Tempting me to put Boot Camp on my Intel Macs and get actual timely OS updates and patches from a real OS vendor who understands supporting technologies from more than 2 years ago. :-p
Be aware that Security Update 2021-001 Catalina does not include the fix for CVE-2021-3156 (sudo vulnerability). For that you'll need macOS Catalina 10.15.7 Supplemental Update 10.15.7 which is not yet available to download from support.apple.com (it is however available to install via Software Update)
Or more to the point, how long will it take Apple to release the standalone .pkg installer for it? It was 8 days from Security Update 2021-001 Catalina being released via Software Update and the .pkg becoming available from support.apple.com. Let's hope Apple beats that time with the macOS Catalina 10.15.7 Supplemental Update 10.15.7 .pkg.
@sdagley I'd like to think the prolific complaining I have been doing in the past week has helped - they're all posted as downloads now... but not well-named, and ever since Security Update 2020-006 for Mojave I think Apple owes it to us to at least state on the download page whether the update is cumulative or requires the preceding version be installed.
A few minutes ago those pages were identical although except for the download links; while the text of the latter has been updated to read "macOS Catalina 10.15.7 supplemental update" but the header still says Security Update 2021-001 (Catalina)
You would think with the marketing budget Apple has they could pay someone enough to ensure consistency in release naming... they're not winning any bonus points from me:
Big Sur = minor point release
Catalina = supplemental update
Mojave = security update
Speaking of Mojave here's the latest:
https://support.apple.com/kb/DL2070 - Security Update 2021-002 for Mojave
And for those who - I can't anticipate why - might really need it:
https://support.apple.com/kb/DL2069 - Security Update 2021-001 for Mojave
A penultimate complaint - this naming scheme (or lack thereof) is really going to muddy the waters when the NEXT security updates are released... presumably we'll be looking at 2021-003 for Mojave, 2021-002 for Catalina, and Big Sur 11.2.2 or 11.3.1 depending on how far Apple's progressed with features before zero days require them to patch again. leading me to...
One final complaint - https://support.apple.com/en-us/HT212177 defining the security content says it fixes the sudo vulnerability - CVE-2021-3156 - as well as a couple Intel graphics drivers. Do we really need to download 1.7GB+ to each Mac needing updates for a 500k binary (sudo) plus generously 500MB for the graphics drivers? How I miss the old days of incremental updaters and combo updaters... if your fleet's well maintained you should only need to push the 500k to fix sudo!
Oh, to end on a useful note, in my correspondence with Apple where I was complaining about the lack of standalone downloads from the support site, I was advised that, for limited testing on isolated systems that couldn't run software update, one could always download the associated assets from the same catalog ID along with the .dist file, and with them all in the same folder, run:
/usr/sbin/installer -target / -pkg /path/to/folder/with/pkgs.dist
I had no idea you could do that with the .dist files, I always wondered what purpose they served! Mind you this is for TESTING and specifically NOT RECOMMENDED for deployment to your fleet... but it's another tool in my belt.
@gabester Thanks for sharing that .dist trick, but after looking at today's version of Security Update 2021-001 with a post date of 2021-02-08 (https://support.apple.com/kb/DL2071?viewlocale=en_US&locale=en_US) as opposed to the version made available yesterday with a post date of 2021-02-05 (https://support.apple.com/kb/DL2068?viewlocale=en_US&locale=en_US) it appears that Apple is re-writing history by re-releasing macOS Catalina 10.15.7 Supplemental Update 10.15.7 as Security Update 2021-001 (Catalina)
@gabester So I downloaded the file you linked to and attempted to install it on a 2018 MBP with OS build 19H15. Install failed.
I think I'm slowly losing my mind. Time to wipe this box and start again. Just in case it is something on this particular machine. I do appreciate the help so far.
@sdagley That's a good thought. While it's possible our messed up network could be doing inspection, I've had Apple's CDNs added to our bypass list for a while now. I'm thinking you are onto something with the bridgeOS update being a prerequisite.
I miss the days of simple Combo updates...
This is getting weirder...
Command Line update fails on both Jamf and Manual with the following error. This is while not on VPN and I had removed our public proxy just to be sure.
Then I used the system preference update and it went through fine. Unfortunately my users will not be able to do that.
@mhasman I think that's the issue with using the package, it is NOT a combo installer. So I'm guessing that there is something missing that it is looking for.
I just wiped my test machine, reinstalled Catalina 19H1 I think, then I ran softwareupdate --install -a --restart and it fully updated to H524. This had failed before, but, it was with our WSS proxy in place. I also ran across a post referencing tbsc.apple.com as something new in the MacOS update pipeline.
So now I'm going to wipe and start again with everything except the WSS in place. I really hope this gets me somewhere.
I saw this portion of your post and decided to give it a try. It gave me some hope for getting these machines updated.
Oh, to end on a useful note, in my correspondence with Apple where I was complaining about the lack of standalone downloads from the support site, I was advised that, for limited testing on isolated systems that couldn't run software update, one could always download the associated assets from the same catalog ID along with the .dist file, and with them all in the same folder, run: /usr/sbin/installer -target / -pkg /path/to/folder/with/pkgs.dist I had no idea you could do that with the .dist files, I always wondered what purpose they served! Mind you this is for TESTING and specifically NOT RECOMMENDED for deployment to your fleet... but it's another tool in my belt.
However, when trying it, it seemed to start correctly but then threw an error "The package is attempting to install content to the system volume.". So much for my hopes.
I do not miss this struggle, having finally implemented a caching server setup, just using the native softwareupdate command line and/or the jamf software update method has made my life easier. No doubt in the next week I'll run into some edge case that necessitates my revisiting this unpleasantness.
@mhasman Apple finally released the standalone Catalina Security Update 2021-003 .pkg installer on 2021-06-02. Here is the link for the KB article with the download link: https://support.apple.com/kb/DL2075?viewlocale=en_US&locale=en_US
@Mhomar Apple finally released the standalone Mojave Security Update 2021-004 .pkg installer on 2021-06-02. Here is the link for the KB article with the download link: https://support.apple.com/kb/DL2074?viewlocale=en_US&locale=en_US
Unfortunately there is currently nothing at that link as Apple appears to have forgotten that they have customers that do actually need standalone .pkg installers for security updates.