Monday, September 13, 2021

macOS 11.6

Juli Clover:

According to Apple’s release notes, macOS Big Sur improves the security of macOS and is recommended for all users. Apple has also released security update 2021-005 for macOS Catalina, and both updates address an issue that could allow a maliciously crafted PDF to execute code. Apple says that it is aware of a report that this bug may have been actively exploited.

It’s unclear why this update isn’t numbered 11.5.3. It was also weird in that the Update Now button was disabled for me in Software Update even though the text said that the update was available. I had to click the text to see the sheet with the list of updates and then click the checkbox next to it before macOS would start downloading the update.

Apple:

This document describes the security content of macOS Big Sur 11.6.

Howard Oakley:

Congratulations to Mikey @0xmachos, who has worked out that the PDF vulnerability is most probably the same as the Megalodon/FORCEDENTRY iMessage zero click exploit, involving a bug in CoreGraphics decoding JBIG2-encoded data in a PDF file.

See also: Mr. Macintosh (tweet).

Update (2021-09-14): Howard Oakley:

Software which has changed version or build numbers between macOS 11.5.2 and 11.6 includes[…]

[…]

Although it does contain some minor fixes – that to SMB looks of potential interest – the 11.6 update is primarily a security update.

[…]

If you’re still running Mojave, this almost certainly means that your macOS is no longer supported by Apple, and may well be vulnerable to either or both of these bugs.

The standalone download is still not available.

Update (2021-09-17): Mr. Macintosh:

The macOS Big Sur 11.6 full installer is now available. 🎉

6 Comments

Kevin Schumacher

> It’s unclear why this update isn’t numbered 11.5.3

Perhaps to make people more likely to install it sooner rather than later? Without reading anything more about it, would you think 11.5.3 or 11.6 is more important?

I'm not saying their versioning system makes sense anymore at all (why are we on watchOS x.6, but every other iOS update is on x.7? [well, now x.8 for iPhone/iPad]), but that would be the only logic I can find in it.

@ Kevin: as a dev, it has the opposite effect on me. I expect 11.x to have more drastic changes than 11.5.x, so I’m more hesitant to install it.

My guess is they’ve rolled it into a more major architectural change (new kernel version?); perhaps it was difficult to backport.

Hello,
Big Sur not showing on my System Pref.
Apple store still showing 11.5.2 for download

@Kevin Interesting question. To me, 11.5.3 implies a security update (important and unlikely to cause problems for me) while 11.6 implies a feature update (maybe should hold off for a while to avoid breaking things), but so far it seems this was only a security update.

Kevin Schumacher

@Michael @Sören Yeah from a developer perspective it's bonkers. Just thinking "normies" might think it's more important, but I don't have any data to back that up.

I don't like it either, but I think it is a good strategy and also suggests the severity of the security concern here. Add in a bit of marketing to push for 11.6.
