I was able to extract it from the 10.5.5 combo update using Pacifist.

It looks like the "supplemental" update has an identical version as it.

Just did this myself and can confirm, the Sandbox.kext can be extracted from macOS Combo update 10.15.5:

https://updates.cdn-apple.com/2020/macos/001-12346-20200528-c8559404-82ce-4926-a8cf-a2ff6630fe44/mac...

Just extract it with pkgutil --expand-full macOSUpdCombo10.15.5.pkg

or to extract it with any other util and extract macOSUpdCombo10.15.5.pkg/Payload using pbzx.

Afterwards you should have the System/Library/Extensions/Sandbox.kext and usr/libexec/sandboxd directory structures.

sandboxd also differs, so maybe it's a good idea to replace both...

To replace them just save these files somewhere on your disk and reboot into recovery mode, holding Cmd+R.

Then you just need to mount your system disk using Disk utility and then launch the terminal to copy the files into place.

Don't forget to check the ownership and permissions!

Wrong thread PRware7? 

Probably, VMWare fusion was crashing for me and thought this info may help.

How did you manage to mount the folder/copy the files? I run `mount -uw /` It seems to have worked, I saw that file dates changed after I copied my files, but when I restarted I saw the same old (10.15.6) files there in Sandbox.kext and sandboxd.

Thanks for the heads up.

Hopefully Apple fixes this soon - 2020 iMac users aren't going to have a downgrade option.

Did you check that you had mounted your boot volume and were copying the files onto that (e.g. "/Volumes/Macintosh HD/System/Library/..."), not onto "/System/Library/..." (which would be the temporary Recovery environment)?  If you really remounted "/", it suggests you might have aimed for the wrong disk...

And you folks are more bold than I am with mixing-and-matching different kernel components.  Certainly not something I would endorse, but I admire the determination and the creative solution.  :smileycool:

--

Darius

It's certainly nothing I would recommend, because it could lead to instability. But it's only a minor update, so kernel extensions should be compatible.

And what do I have to lose? Worst case scenario, I reinstall macOS

Once you mounted "Macintosh HD" using Disk Utility, you should run the terminal and simply enter

chroot /Volumes/Macintosh\ HD

This way you will use your actual macOS throughout the copy process. You may then run e.g.

rsync -r /Users/localUser/Desktop/macOS-10.15.5/System/Library/Extensions/Sandbox.kext /System/Library/Extensions/

rsync /Users/localUser/Desktop/macOS-10.15.5/usr/libexec/sandboxd /usr/libexec/

In my case I just had my VM crashing and after trying to run it again, it showed the known behaviour caused by the memory leak.

So replacing the kext alone doesn't seem to help. This time I replaced /usr/libexec/sandboxd as well and will test again.

EDIT:

Kernel memory is still leaking, so maybe it's caused by the kernel itself.

Don't know if i feel lucky enough to try to downgrade only the kernel, though  

While I downgraded the entire macOS to 10.15.5, for those of you trying to make a frankenstein version with the 10.15.5 sandbox kext, this might be of interest: How Kernel Prelinking Works on macOS Catalina (or not)  Apparently macOS doesn't really load kexts from kext files, they are prelinked into a PrelinkedKernel. So if you are going to try to replace the kext file, you might also have to invoke some of these kextcache commands to regenerate a prelinked kernel.

One thought Darius - do you folks have any contacts inside apple that you could push to have them repost the 10.15.5 installer to the update servers?  That has been a solid fix for the issue, but getting the installer from a reliable source is nigh on impossible.

Thanks for posting and I was able to downgrade to 10.15.5.

Question:  Will this method allow me to downgrade back to Mojave 10.14.6 without wiping my system? 

The certificates for pre-catalina installers expired as of February, so they are useless.  I could not downgrade to Mojave with my previously saved Mojave installer.  Luckily 10.15.5 is stable.

This was probably not mentioned but here is what I do when I see that my mouse and screen freezes but otherwise some things are still running for a while:

• I SSH into my MacBook Pro from another machine. If you don't have other computer, there are SSH apps on iOS. It helps if you configure your DHCP server to reserve a certain IP address for your Mac. Most soho routers can be configured to assign a specific IP address to the MAC address of your Mac. Please know that you must configure your Mac in advance to accept incoming SSH connections.
• I try to suspend my VM. Maybe it's a futile attempt, but sometimes my VM is still running when I SSH into my Mac. Go to the directory of your VM and issue "vmrun suspend yourvirtualmachine.vmx"
• I always manage to SSH into my Mac in time in order to perform an "orderly shutdown" at least. There will be still programs that will not exit gracefully but get killed. However your daemons get stopped in a normal manner, your filesystem will be unmounted and you minimise the chance of data loss: "sudo shutdown -r now"

I downgraded to MacOS 15.5 using a Time Machine backup.  When the restore was complete, I could no longer even start VMware Fusion (11.5).  VMware Fusion crashes each time with "VMware Fusion quit unexpectedly".  The Apple crash log lists the Termination Reason as:

Termination Reason: Namespace CODESIGNING, Code 0x1

I can only find non-helpful reasons for that Termination.

So I restored (Time Machine again) back to 15.6 because I thought a functioning VMware Fusion with leaks is better than no VMware Fusion at all. 

But alas, after the restore, the same exact VMware crash still happens: Namespace CODESIGNING, Code 0x1

I've made sure the security settings are still correct (allowing VMware Full Disk Access), but nothing fixes this crash.

Any ideas?