Known issues and limitations for InstallMissingPatches method of macOS Software Update
Overview
When integrating MetaDefender Endpoint Security SDK with macOS systems, especially in graphical applications or on Apple Silicon devices, several limitations and expected behaviors may occur when using the InstallMissingPatches method of the Software Update component. This article outlines known issues, root causes, and available workarounds.
✅ Issues with Workarounds
Password Prompt During Patch Installation (UI Applications)
Description
When the SDK is used in a user interface (UI) application, macOS prompts the user to enter their password during patch installation. This is expected behavior enforced by Apple as a security measure to confirm the user consents to the update.

Workaround
- Manually enter your password when prompted.
- Alternatively, use a helper tool implemented as a console application to pass credentials via json_in.
Additionally, we are actively working on a solution to improve password handling directly within the SDK.
InstallMissingPatches hangs when working with Software Update
Description
In some cases, the softwareupdate --install command may hang due to system-level issues, failing to proceed with patch installation. This behavior is inconsistent and device-dependent.
Workaround
- Restart your macOS system and try again.
- We are also implementing logic in the SDK to detect hangs and return an appropriate error code to avoid silent failures.
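Until that SDK-side detection is available, a caller can put its own deadline around the call. The watchdog below is an added example, not part of the SDK or the vendor's code: it assumes InstallMissingPatches is invoked from a separate helper process whose command line the caller supplies, and that the helper reads its JSON request on stdin. The status names are hypothetical and are not SDK error codes.

```python
import os
import signal
import subprocess
import sys

# Hypothetical status values for this example; they are not SDK error codes.
OK, FAILED, HUNG = "ok", "failed", "hung"


def run_with_watchdog(cmd, timeout_s, stdin_text=None):
    """Run cmd and return (status, exit_code, output).

    Assumption: cmd is a helper process that performs the patch install.
    stdin_text carries the request so that credentials never appear in
    the process argument list, which other local users can read.
    """
    proc = subprocess.Popen(
        cmd,
        stdin=subprocess.PIPE if stdin_text is not None else subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        text=True,
        # Own session/process group: a hung grandchild (for example
        # softwareupdate spawned by the helper) is killed with its parent.
        start_new_session=True,
    )
    try:
        out, _ = proc.communicate(stdin_text, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        out, _ = proc.communicate()  # reap the child, collect partial output
        return HUNG, None, out
    return (OK if proc.returncode == 0 else FAILED), proc.returncode, out


if __name__ == "__main__":
    # Constructed stand-in for a hung installer: sleeps far past the deadline.
    hung = [sys.executable, "-c", "import time; time.sleep(30)"]
    print(run_with_watchdog(hung, timeout_s=1)[0])
```

A HUNG result gives the caller an explicit signal to log and to fall back to the restart workaround instead of waiting indefinitely.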
⚠️ Known Limitations
InstallMissingPatches Does Not Work in Service Mode on Apple Silicon
On Apple Silicon devices, InstallMissingPatches fails when run in service mode, due to the requirement for active user interaction during the macOS update process. This non-interactive environment prevents password handling and UI prompts. We are actively working on a long-term enhancement to support patch installation in service mode environments.
InstallMissingPatches Returns Code -23 (WAAPI_ERROR_INVALID_STATE) After Restart
In certain cases, InstallMissingPatches returns error code -23 (WAAPI_ERROR_INVALID_STATE) even after a successful update and system restart. This has been identified as a bug. A fix is currently under development.
Restart Action Unsupported on macOS 12 or Earlier
Setting input.restart_action = 1 on macOS 12 or earlier will result in error code -11 (WAAPI_ERROR_COMPONENT_METHOD_NOT_SUPPORTED). This is expected: when this parameter is set on an unsupported macOS version, the SDK returns error -11.
This is a limitation of macOS 12 and earlier, which do not support automatic restart options during updates.
Although the script does not explicitly pass the --restart parameter, the system may still restart unexpectedly based on internal macOS behavior.