Where and when is the MOJAVE security update for September, 2021?

And again, if there were the same vulnerabilities in Mojave as found in Catalina and Big Sur, Apple would have issued a simultaneous security update for Mojave. They didn't, and that speaks to their having an intimate knowledge of the operating systems that they support, and the absence of that Mojave security update should speak for itself, meaning Apple deemed no threat present.

Apple, entirely at their discretion, may/not release additional updates for Mojave unrelated to this Catalina/Big Sur security issue — before Mojave drops from the support cycle.

The only security update for Mojave will be beneath the primary operating system Update entry in Software Updates, and it will be just a replacement of Safari 14.1.2 with added security features in it. No operating system update for Mojave as it is nearly a year out of support.

Correction. Mojave is still supported until shortly after Monterey is released to the public, in keeping with Apple's three-year support cycle of current and two previous operating systems. As I am a fellow user, I have no information about Apple's future product or security-related update release schedules.

Yesterday evening, my Late 2013 iMac that is still running Mojave had only a security update for Safari 14.1.2. I just checked Software Update on that Mac about a minute ago and there is no other update present except Catalina which I refuse to install.

It is very possible that functionality was added to Catalina and Big Sur that did not exist in Mojave, and that is why those operating systems already received a multi-GB security update. Since Apple provided Safari 14.1.2 on Mojave previously, it was replaced with a new Safari security update yesterday in Mojave to the same version (14.1.2).

I've been searching for this answer for the past few hours, ever since my IT Dept sent out a warning that they will be remotely updating everyone's Macbook to the latest version of Big Sur so that the latest Pegasus vulnerability is patched. I'm still running Mojave and have no plan or desire to upgrade to Catalina or especially Big Sur. As a developer with many different dev tools installed via homebrew, it's way too much of a hassle to upgrade every package and resolve broken dependencies after an OS major upgrade. It would be one thing if Catalina or Big Sur were improvements over Mojave, but in my experience they are not.

I have my fingers crossed, and I might actually say a few prayers that Apple releases a Mojave Security Update over the next day or so, so that I don't have to get stuck with Big Sur.

Current update for Safari 14.1.2 in Mojave - 13 Sep 2021

https://support.apple.com/kb/HT212808

https://support.apple.com/en_CA/downloads/macos

Does the Safari-only update for Mojave mean that Mojave users should consider themselves fully open to the Pegasus exploit if using another browser (e.g., Firefox) instead of Safari?

Brian...agree completely with you as to having no interest whatsoever in upgrading to Catalina. Biggest issue, for me, is the 32-bit apps that would no longer be supported.