Known issues and limitations for InstallMissingPatches method of macOS Software Update

Overview

When integrating MetaDefender Endpoint Security SDK with macOS systems, especially in graphical applications or on Apple Silicon devices, several limitations and expected behaviors may occur when using the InstallMissingPatches method of the Software Update component. This article outlines known issues, root causes, and available workarounds.

Issues with Workarounds

Password Prompt During Patch Installation (UI Applications)

Description

When the SDK is used in a user interface (UI) application, macOS prompts the user to enter their password during patch installation. This is expected behavior enforced by Apple as a security measure to confirm the user consents to the update.

Workaround

  • Manually enter your password when prompted.
  • Alternatively, use a helper tool implemented as a console application to pass credentials via json_in.

Additionally, we are actively working on a solution to improve password handling directly within the SDK.

InstallMissingPatches hangs when working with Software Update

Description:

In some cases, the softwareupdate --install command may hang due to system-level issues, failing to proceed with patch installation. This behavior is inconsistent and device-dependent.

Workaround

  • Restart your macOS system and try again.
  • We are also implementing logic in the SDK to detect hangs and return an appropriate error code to avoid silent failures.

⚠️ Known Limitations

InstallMissingPatches Does Not Work in Service Mode on Apple Silicon

On Apple Silicon devices, InstallMissingPatches fails when run in service mode, due to the requirement for active user interaction during the macOS update process. This non-interactive environment prevents password handling and UI prompts. We are actively working on a long-term enhancement to support patch installation in service mode environments.

InstallMissingPatches Returns Code -23 (WAAPI_ERROR_ INVALID_STATE) After Restart

In certain cases, InstallMissingPatches returns error code -23 (WAAPI_ERROR_INVALID_STATE) even after a successful update and system restart. This has been identified as a bug. A fix is currently under development.

Restart Action Unsupported on macOS 12 or Earlier

Setting input.restart_action = 1 on macOS 12 or earlier will result in error code -11 (WAAPI_ERROR_COMPONENT_METHOD_NOT_SUPPORTED). It is expected when this parameter is set on unsupported macOS versions, the SDK will returns error -11.

This is a limitation of macOS 12 and earlier, which do not support automatic restart options during updates.

Although the script does not explicitly pass the --restart parameter, the system may still restart unexpectedly based on internal macOS behavior.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
How do I install specific patch versions with InstallMissingPatches on Linux?
On This Page
Known issues and limitations for InstallMissingPatches method of macOS Software UpdateOverview✅ Issues with WorkaroundsPassword Prompt During Patch Installation (UI Applications)DescriptionWorkaroundInstallMissingPatches hangs when working with Software UpdateDescription:Workaround⚠️ Known LimitationsInstallMissingPatches Does Not Work in Service Mode on Apple SiliconInstallMissingPatches Returns Code -23 (WAAPI_ERROR_ INVALID_STATE) After RestartRestart Action Unsupported on macOS 12 or Earlier