Paul, just for a sanity check, have you run TechTool Pro and checked for bad blocks?
Yes, I have, thanks for asking. I jumped through the hoops to get Mojave to start up from an external drive, and then ran the whole diagnostic toolbox of the latest TechTool Pro. Came out Clean as a Weasel®. Machine (and operator) more-or-less sane.
 


Regarding the following quote Ric referenced previously:
Eclectic Light Co. said:
Time management
... In case you hadn’t noticed it, almost all of Apple’s existing installers and updaters now lie in tatters, their signing certificates expired, because Apple did too little too late. It failed to plan for the progression of time.
... Like many other users, I now have tens of gigabytes of Apple installers and updaters whose certificates have expired. Replacing them isn’t going to be an easy task, as Apple thinks it’s good to hide them away, rather than providing ready access. Even if I can find El Capitan in the App Store, Software Update won’t let me download it, as neither of my current Macs can run it. Others report that they’re unable to obtain a re-signed copy of the El Capitan installer even on Macs which can run it.
I have been beating my head against the wall for a good portion of the weekend working on trying to build new USB flash drive installers for each of the new installers from Mavericks to Catalina. Like others have reported, there is a problem with the macOS Sierra file Apple made available for download. They definitely did not test this.

After all this aggravation, and numerous emails with Ric, I decided on a different tack. I pulled out my old Install macOS Sierra 10.12.6 installer file and built a USB installer using that. As reported, and as expected, it failed to install. However, after a reboot and before selecting to install Sierra, I went to the Utilities menu and launched Terminal and entered the following code*:

date 1010101018

After exiting Terminal I selected to install Sierra, and it worked fine. Changing the date has been thrown out as a possible solution, and one mentioned by the software DiskMaker X as a possible solution in the past, and one I find will be probably the easiest to implement going forward instead of worrying about downloading a new catalog of software.

All of this mess with Apple of late very much reminds me of the ending to the movie WarGames. The only winning move is not to play. Anyone for a nice game of chess?

* mmddHHMMyy
(mm = month, dd = day, HH = hour, MM = minute, yy = year)
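
Added example (not part of the original post): a small Python helper that decodes a clock value in the footnote's mmddHHMMyy layout and checks it against the Oct. 24, 2019 expiry reported in this thread, which catches a mistyped field order before the clock is changed. The function names, the midnight expiry time and the two-digit-year pivot are assumptions of this example.

```python
from datetime import datetime

# Expiry of the old signing certificates as reported in this thread (Oct. 24, 2019).
# The page gives no time of day; midnight at the start of that day is an assumption.
OLD_CERT_EXPIRY = datetime(2019, 10, 24)


def decode_date_arg(arg):
    """Return the moment a 10-digit mmddHHMMyy value denotes; ValueError if malformed."""
    if len(arg) != 10 or not (arg.isascii() and arg.isdigit()):
        raise ValueError("expected exactly 10 digits (mmddHHMMyy), got %r" % arg)
    mm, dd, hh, mi, yy = (int(arg[i:i + 2]) for i in range(0, 10, 2))
    # Assumption: usual two-digit-year pivot (69-99 -> 19xx, 00-68 -> 20xx).
    year = 1900 + yy if yy >= 69 else 2000 + yy
    # datetime() rejects impossible fields such as month 18 or Feb 30.
    return datetime(year, mm, dd, hh, mi)


def encode_date_arg(when):
    """Build the mmddHHMMyy value for a chosen moment (inverse of decode_date_arg)."""
    return when.strftime("%m%d%H%M%y")


def check_clock_value(arg, not_after=OLD_CERT_EXPIRY, not_before=None):
    """Return (ok, reason): does the clock value fall inside the validity window?

    not_before is optional because the page does not state when the old
    certificates became valid; pass it if you have read it from the package.
    """
    try:
        when = decode_date_arg(arg)
    except ValueError as exc:
        return False, "rejected: %s" % exc
    if when >= not_after:
        return False, "%s is not earlier than the expiry %s" % (when, not_after)
    if not_before is not None and when < not_before:
        return False, "%s is earlier than the validity start %s" % (when, not_before)
    return True, "%s is inside the validity window" % when


if __name__ == "__main__":
    # The value from the post, a year-first typo, and a value on the expiry day.
    for value in ("1010101018", "1810101010", "1024000019"):
        print(value, check_clock_value(value))
```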
 



... I have been beating my head against the wall for a good portion of the weekend working on trying to build new USB flash drive installers for each of the new installers from Mavericks to Catalina. Like others have reported, there is a problem with the macOS Sierra file Apple made available for download. They definitely did not test this.
After all this aggravation, and numerous emails with Ric, I decided on a different tack....
The problem is creating an installer drive using the createinstallmedia command, not actually using the installer to install Sierra.

So my workaround was to use the "new" Sierra installer to create a bootable Sierra flash drive (complete with Finder, etc.) and then to simply drop the new Sierra installer into that drive's Applications folder. The drive actually has a Recovery partition, so with the presence of the actual new Sierra installer, it works as an emergency booter and an installer.

Certainly not as convenient as createinstallmedia, but as a kludge, it solves a problem. I can just wipe the drive and start over when/if Apple fixes this goofy Sierra installer.

TKS Ose's suggestion of changing the Mac's date using that command word works quite well, but if you decide to go down that path, be sure to check that you've disabled your Internet before making the change, or your Mac will probably just use a time server to "fix" the date and render all your plans awry. (It did that on my Mac.)
 


Certainly not as convenient as createinstallmedia, but as a kludge, it solves a problem. I can just wipe the drive and start over when/if Apple fixes this goofy Sierra installer.
Agreed that there can be multiple solutions to this problem Apple created. I looked at it from a standpoint of not wishing to download tens of gigabytes of installer files over again. Maybe in the future, but not now. For now, this is one possible path which I have chosen to use. My normal workflow for such is to create installer media at the time needed, and then erase it when done in preparation when needed next. I have tried to maintain a working archive of OS and application installers, along with pertinent updaters, for macOS, Windows and various flavours of Linux in order that I need not rely on others to maintain what I may need and be subject to their whims.
 


I spent an afternoon redownloading all the final Combo Updates and Security Updates for Snow Leopard through Mojave from Apple's Support Downloads website. I'm waiting a bit on the macOS Installers until Apple sorts everything out, and hoping that installers for Lion–Mavericks show up (apparently they might be available to developers?).

Anyway, a couple things I noticed. Most of the packages were respun and signed with the new certificates in July and August (Suspicious Package tells you when the packages were signed). Despite this, they failed to begin posting them on the Support Downloads site until less than a week before the Oct. 24 expiration (I know, as I was downloading and checking packages every couple weeks watching for any sign of updated packages). There was no reason why the new packages shouldn't have been rolled out back in August or September.

After respinning all those packages in July and August, they apparently completely forgot about all the raft of security packages they issued on Sept. 26 (as part of their regular release schedule), such as macOS 10.14.6 Update with Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra, etc, and signed them with the old certificates and promptly ignored them. macOS 10.14.6 Update with Supplemental Update 2 only got reissued hours before it expired when someone told Apple. And although they were signed at the same time as the 10.14.6 Update on Oct. 24, updated Security Update 2019-005 High Sierra and Security Update 2019-005 Sierra packages were not posted to Support Downloads until sometime on Oct. 26.

There's a real breakdown in process management at Apple.
 


Evidently the new option is only intended to allow download of installers for currently-supported versions of macOS.
I can confirm that the command can be used to pull down a full installer for macOS 10.13.6, but attempts to download older major versions result in a "not found" error, even when executed on a Mac that can boot the requested older version of macOS/OS X.
While I didn't download them to completion I was able to initiate a download of the Mavericks full size installer as a past purchase from the App Store on my Mini running High Sierra. Your mileage may vary.
 


While I didn't download them to completion I was able to initiate a download of the Mavericks full size installer as a past purchase from the App Store on my Mini running High Sierra. Your mileage may vary.
I was able to download all the installers via a Mac running Sierra. I have 10.11 through 10.15 installers in folders labeled "installername" - 2029 (to remind me when they expire again).

I found this to be cumbersome (thanks for the links, but Apple's methods are impractical), as I sometimes need to wipe an old Mac or have to install for a VM. I don't do the Hackintosh, but I can see the practical use for booting a volume to a specific OS to run a specific application (like forensics, recovery, application-discontinued, custom driver device access...) But, unlike Windows (I use Rufus to make bootable USB flash drives), Apple's getting way too strict with their policies.
 


I did a search for the 10.14.6 Combo Update at the Apple Software updates page and downloaded it. It worked. However, the download page shows a September 26, 2019 post date. Wouldn't you think they would show something about the new file having the new post-10/24 certificate; maybe an "updated" note? Good job burying your heads in the sand, Apple.
 


Ric Ford

MacInTouch
Here's more about the problem:
BBC News said:
iPhone 5 users risk losing internet access
Apple iPhone 5 users have been warned to update their software before the weekend or face losing access to the internet.

The technology giant said users who did not download iOS 10.3.4 by 3 November would be locked out of features that rely on the correct time and date.

This includes the App Store, email, web browsing and storage service iCloud.

While it is not the latest version of the operating system, it is the most up-to-date available for the model.

Users of older iPhones have also been advised to update their software in order to maintain accurate GPS location services.
 


There's an October 28, 2019 iOS 12.4.3 (Build 16G130) update for devices that are newer than the iPhone 5 and won't update to iOS 13. Have suggested users of iPhone 5s and iPhone 6 defer installing until there are reports if this update causes issues.

There's essentially no information about the update online. I did find a pointer that directed to Apple Developer, but that's not public.

Insights? Experiences?
 


There's an October 28, 2019 iOS 12.4.3 (Build 16G130) update for devices that are newer than the iPhone 5...
Insights? Experiences?
George, while this update does contain security updates, there is no need to immediately rush out to install, unless you can do without the device, should a problem occur. Never hurts to play the waiting game for a day or two just to be sure.
 


There's an October 28, 2019 iOS 12.4.3 (Build 16G130) update for devices that are newer than the iPhone 5 and won't update to iOS 13.
This is very interesting. The previous security update, iOS 12.4.2, could have been seen as an anomaly, released so close to the initial iOS 13 release and addressing a very serious RCE bug. But could this second security release for an n-1 iOS version signal a pattern and a shift in Apple's release policy for iOS? Although Apple is still requiring capable devices to update to the latest major iOS release for security fixes, an extra year's worth of security updates for still-viable iOS devices that can only run n-1 iOS version would be welcome news to many users.
 


... Most of the packages were respun and signed with the new certificates in July and August (Suspicious Package tells you when the packages were signed). Despite this, they failed to begin posting them on the Support Downloads site until less than a week before the Oct. 24 expiration...
There's a real breakdown in process management at Apple.
Regarding the pursuit of recertified versions of Mac installers and updaters:
Marcel Bresink, developer of TinkerTool and other Mac utilities, has an ongoing list by date of re-released Apple software on his blog page at

By the way, TinkerTool System has a drag-and-drop feature to create Mac install volumes. Very likely it is a GUI for the built-in createinstallmedia program, but it could ease the process and negate carefully typing source and target paths – potentially helpful to those who are wrangling with the replacement macOS Sierra installer.
 


Ric Ford

MacInTouch
I just started up a vanilla macOS Mojave system I haven't used for quite a few weeks. I thought it might be good to update it. Being used to macOS Sierra, this was a bit confusing, but I got to a place where it seemed ready to download the Supplemental Update while it was also trying to get me to install Catalina, which I absolutely did not want to do.

I started the update, with a little trepidation (about Catalina being snuck in), and it wanted to reboot. The subsequent process took too long to sit and wait for it, but it eventually finished and brought Mojave back up on screen.

It took time and effort to find a list of Apple's updates, finally located in System Information > Software > Installations, where I found... two installations of "macOS Mojave 10.14.6 Supplemental Update 2", one after the other with no differences listed, installed a few minutes apart.

I feel a little like some Alice in Apple "Wonderland" nowadays.
 


I did a search for the 10.14.6 Combo Update at the Apple Software updates page and downloaded it. It worked. However, the download page shows a September 26, 2019 post date. Wouldn't you think they would show something about the new file having the new post-10/24 certificate; maybe an "updated" note? Good job burying your heads in the sand, Apple.
Barry, I'm with you 100% on the provision of an identifier of some kind to aid users, but I'm not surprised that Apple is taking the opportunity to play one of their favorite games, Hide-n-Seek! I believe I have found a clue: by hovering over an item's download link, you can look for the presence of /2019/cert/ in the source file path preceding the item’s index code and name. In Safari, activate View > Show Status Bar, then check the bottom of the browser window for a path like this:

updates.cdn-apple.com/2019/cert/061-41408-20191024-e12bb1d6-b267-4836-9a00-2d3d3341646f/macOSUpd10.14.6Supplemental.dmg

To verify that the presence of /2019/cert/ in the URL is actually an indicator of a "re-certified" download, I pulled down the latest El Capitan Security Update (Jul 18, 2016), the last Mavericks Combo Update (Sep 17, 2014), and Snow Leopard Combo Update v1.1 (Jul 25, 2011), then checked them with Suspicious Package. They all checked out with 2029 expirations!

Randomly checking links while scrolling down and loading ever older content, I found that Mac OS X 10.5.8 Update and Mac OS X 10.5.8 Combo Update, both dated Aug. 12, 2009, are the cut-off, age-wise. None of the Mac OS X 10.4 Tiger offerings, whether for PowerPC or Intel, are delivered from the /2019/cert/ directory. A couple other cutoff points include: Java for Mac OS X 10.5 Update 10 (Jun 23, 2011) and Server Admin Tools 10.6.8 (May 31, 2011).

A few odds and ends that seem to be excluded, even though they are of similar vintage: Apple FIPS Cryptographic Module v1.0 (Apr 20, 2011), Mac OS X v10.6.4 Update iMac (Mid 2010) (Jul 27, 2010), Mac OS X v10.6.4 Update Mac mini (Mid 2010) (Jun 15, 2010), OS X Recovery Disk Assistant v1.0 (Aug 8, 2011), Front Row 2.1.7 (Mar 11, 2009), Gutenprint Printer Drivers for Mac OS X v10.6 (Aug 27, 2009)

This is how things look at 6pm PDT on Oct. 28, 2019 and is likely still in flux.
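
Added example (not part of the original post): a Python sketch of the URL check described above, which flags a download link as "re-certified" only when /2019/cert/ appears as real path segments. It also pulls the 8-digit field out of the item directory; reading that field as a date is an assumption based on the one sample URL in the post, and the function name and the second sample URL are constructed. A match is only a hint, so the signature itself still has to be inspected, as the poster did with Suspicious Package.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Item directory shaped like the one in the post's sample URL:
# 061-41408-20191024-e12bb1d6-b267-4836-9a00-2d3d3341646f
ITEM_DIR = re.compile(
    r"^\d{3}-\d{5}-(\d{8})-[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$"
)


def inspect_download_url(url):
    """Report host, file name, the /2019/cert/ marker and any embedded date stamp."""
    # Text copied from a status bar may carry whitespace or a zero-width space.
    url = url.strip(" \t\r\n\u200b")
    if "://" not in url:
        url = "https://" + url  # the status bar shows the path without a scheme
    parts = urlsplit(url)
    # Compare whole path segments so "/x2019/certs/" or a query string cannot match.
    segments = [s for s in parts.path.split("/") if s]
    info = {
        "host": parts.hostname,
        "file": segments[-1] if segments else None,
        "recertified": False,
        "stamp": None,
    }
    for i in range(len(segments) - 1):
        if segments[i] == "2019" and segments[i + 1] == "cert":
            info["recertified"] = True
            if i + 2 < len(segments):
                match = ITEM_DIR.match(segments[i + 2])
                if match:
                    try:
                        # Assumption: the 8-digit field is a YYYYMMDD date.
                        info["stamp"] = datetime.strptime(
                            match.group(1), "%Y%m%d"
                        ).date()
                    except ValueError:
                        pass  # eight digits that are not a calendar date
            break
    return info


# URL quoted in the post above.
SAMPLE_FROM_POST = (
    "updates.cdn-apple.com/2019/cert/"
    "061-41408-20191024-e12bb1d6-b267-4836-9a00-2d3d3341646f/"
    "macOSUpd10.14.6Supplemental.dmg"
)
# Constructed URL: the marker appears only in the query string.
SAMPLE_CONSTRUCTED = (
    "https://updates.cdn-apple.com/placeholder/ExampleUpdate.dmg?from=/2019/cert/"
)

if __name__ == "__main__":
    for sample in (SAMPLE_FROM_POST, SAMPLE_CONSTRUCTED):
        print(inspect_download_url(sample))
```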
 


I had no intention of upgrading from Mojave to Catalina yet, and have been dutifully telling the nag notification to ask me tomorrow. Well, today, I decided to be different and selected "try in an hour" since I intended to be gone and the iMac asleep.

An hour later, during sleep, my slam dunk II iMac is now updating itself - to Mojave 12.14.6. Whew, I think I dodged a bullet, as I thought it was updating me to Catalina.

Curiously, Safari stayed at 12.1.2, and I've unchecked all auto system installs and cancelled the attempt to "install Safari tonight." Is Safari 13 safe now?
 


I wonder when the current certificates will expire again.
TidBITS said:
Previously Downloaded OS X Installers No Longer Work
The new installers are signed with a certificate that expires on 7 February 2023, so it will be quite a few years before Mac users are affected again.
So did the El Capitan installer certificate somehow prematurely expire Oct. 2019? Or maybe that date related to some other installers?

Anyway, it would be nice to have better knowledge when the certificates will expire. Just recently I was bitten by this despite trying to plan the install process:

I had about a 2-year-old El Capitan installer that worked OK last August when I tested it in advance. Then I installed a Samsung 860 EVO 1TB to my old Mac Mini Late 2009 to give it a few more years. But just then, Oct. 16, the El Capitan installer certificate decided to expire with a somewhat misleading error message, "this installer may have been tampered with." (I prepared a new flash drive two more times with the same result for the old download.)

I could have set the system clock back to make the installer work, but that seemed like a hack... Luckily, I still had the old spinning hard drive with the old El Capitan install. So I put the old hard drive into a NewerTech Voyager Q drive dock and booted it via FireWire 800. Then I could download a brand new El Capitan installer from the App Store's Purchased tab. The download took about 3 hours, so the install process took a lot more time than I had planned....

But what if I didn't have an old El Capitan install to boot from? If the old hard drive was broken, and I had no boot media for the Mac Mini 2009? Internet Recovery install works only when booted from a recovery partition with that Mac Mini 2009. The household has some newer Macs, but as they do not support El Capitan, they can not download it.
 


I'm re-downloading installers:

Boot an old MacBook Pro to Mac OS X 10.6 and easily downloaded OS X 10.7 thru OS X 10.11 installers

Boot the same Mac to an OS X 10.10 partition and try to download macOS 10.12 + macOS 10.13 installers:
  1. Go to Apple's special page for re-downloading installers
  2. Click on the macOS Sierra link
  3. Click on the "If you still need macOS Sierra, use this link: Download macOS Sierra. A file named InstallOS.dmg will download to your Mac."
  4. WTF? "InstallOS.dmg" - double click, install, what?
  5. Go to Apple's special page for re-downloading installers
  6. Click on the macOS High Sierra link
  7. Click on the "If you still need macOS High Sierra, use this App Store link: Get macOS High Sierra."
  8. The App Store app opens - to the normal home page. It does not go to a High Sierra download. I cannot find or get to a High Sierra download.
  9. Boot up my test Mac mini in 10.15 Catalina and use the Terminal to download the High Sierra installer - works first time
  10. WTF is going on, Apple?
That old Mac's support ends at macOS 10.13, so use my current Mac (MacBook Pro 2016 running macOS 10.14) to re-download macOS 10.14:
  1. Open the App Store app - works
  2. Login to my account - works
  3. Search for macOS 10.14 "Mojave" - can't find it (as expected)
  4. Search for macOS 10.15 "Catalina" - find it (as expected)
  5. All this time, no errors with the App Store
  6. Go to Apple's special page for re-downloading installers
  7. Click on the macOS Mojave link
  8. Click on the "If you still need macOS Mojave, use this App Store link: Get macOS Mojave."
  9. Get an error message, "Cannot Connect to App Store" - Retry | OK (the App Store window is open behind this message and has worked all this time up until now)
  10. Click "Retry" - same error
  11. Click "Retry" - same error
  12. Click "Retry" - same error
  13. Click "OK" - dialogue box disappears
  14. Click on the App Store window and the App Store works normally
  15. Go back to the web page and click Get macOS Mojave
  16. Get an error message "Cannot Connect to App Store" - Retry | OK
  17. Click "Retry" - same error
  18. Click "Retry" - same error
  19. Click "Retry" - same error
  20. Click "OK" - dialogue box disappears
  21. Click on the App Store window and the App Store works normally
  22. Search for macOS 10.14 "Mojave" - can't find it (as expected)
  23. Search for macOS 10.15 "Catalina" - find it (as expected)
  24. Boot up my test Mac mini in 10.15 Catalina and use the Terminal to download the Mojave installer - works first time
Now I think Apple might currently be having problems with their update CDN servers (as I can't download the new combo updates via Firefox, but Safari works - go figure), but, all in all, this is a very, very sh*tty user experience. :-(
 


Ric Ford

MacInTouch
Apple's software/security update messes continue at full steam today.

At least macOS Catalina 10.15.1 looks straightforward.

But even the Apple Security Updates page is currently out of date (as is the sick joke that Apple's Downloads page has become).

I'm trying to dig up the other security/software update information at the moment, but other Apple web pages are also out of date.

watchOS 6.1 has been released, available via iOS 13.2.

Mojave and High Sierra both have security updates, which I can't find on Apple's website. Sierra apparently doesn't get the security update.

But there's an XProtect update (including for Sierra).

This all feels like Apple operations have gotten out of control*, and I wonder how severe the mysteriously undisclosed security problems across its platforms are, and what they are, exactly, or what else is going on inside Apple. It's altogether very discomforting, as well as wasting huge amounts of our time chasing around trying to find things that should be plain and obvious, but very much aren't.

* I have two vivid memories of this type of situation in my career, when problems with large computer systems spiraled out of control for a while and the people responsible for managing these systems started flailing about, losing focus and direction. Not pretty sights. I don't know if the same thing is happening within Apple at the moment, but it sure wouldn't surprise me, especially if there's a severe security problem in play.

#applequality #applesecurity
 


Now I think Apple might currently be having problems with their update CDN servers (as I can't download the new combo updates via Firefox, but Safari works - go figure), but, all in all, this is a very, very sh*tty user experience. :-(
It's truly annoying that Apple refuses to provide a simple download site where a user can navigate easily to a desired file through sensible, hierarchical product folders, like the old ftp.apple.com site. There is no compelling user-focused reason why a person should be prevented from downloading any Apple installer using any computer they like, even a Windows PC. This is just another example of Apple losing the plot and being hostile to its users.
 


That old Mac's support ends at macOS 10.13, so use my current Mac (MacBook Pro 2016 running macOS 10.14) to re-download macOS 10.14:
  1. Open the App Store app - works
  2. Login to my account - works
  3. Search for macOS 10.14 "Mojave" - can't find it (as expected)
  4. Search for macOS 10.15 "Catalina" - find it (as expected)
  5. All this time, no errors with the App Store
  6. Go to Apple's special page for re-downloading installers
  7. Click on the macOS Mojave link
  8. Click on the "If you still need macOS Mojave, use this App Store link: Get macOS Mojave."
  9. Get an error message, "Cannot Connect to App Store" - Retry | OK (the App Store window is open behind this message and has worked all this time up until now)
Just downloaded the Mojave 10.14.6 installer through the App Store link. Didn't have any problem connecting or downloading the installer. However, is there any way to know if this installer has the updated certificate? The creation date is Sept. 19, 2019, but I'm not sure that's relevant. I've already trashed an older Mojave installer, as well as the High Sierra installer, and I'm guessing my Sierra USB installation flash drive will no longer work.
 


I don't usually report to MacInTouch about the following, but having had yet another long and irritating update tonight, I thought I'd share a few words.

Updated tonight Catalina to 10.5.1. Hooray. It is most definitely faster, in terms of Finder matters (folder opening, until this update, took ages, as did scrolling). But for probably the 10th time in the last three years, the software update process was atrocious. Downloading the 4.4GB seemed ok... a stop, a restart, then a halt for 2 hours... so, yet again, I shut down and restarted, was later told to restart, again... then another hour or so, then here we are, 10.5.1.

This process, more or less, is very familiar... basically just get through it as best you can.

Steve Jobs was always extremely outspoken about great software, the iApps, efficient updates, faster this, faster that... but I think software quality control is pretty grim these days.

Someone stated here how all this rapid annual new system updating is ruining the software quality, especially with so many OS versions. Totally agree. 18 months/2 years... why not?

#applequality
 


TidBITS said:
Previously Downloaded OS X Installers No Longer Work
The new installers are signed with a certificate that expires on 7 February 2023, so it will be quite a few years before Mac users are affected again.
So did the El Capitan installer certificate somehow prematurely expire Oct. 2019? Or maybe that date related to some other installers?
The 2023 date is related to the Apple Worldwide Developer Relations Intermediate Certificate used to sign the "Install OS X El Capitan.app" installer app that is downloaded from the Mac App Store. All apps downloaded from there must be signed with that certificate. That is distinct from the Software Update certificate that signs the installer packages inside the InstallESD.dmg inside the Install macOS app. In the TidBITS article, they did not inspect the Software Update certificates for the packages and notice that they expired in Oct. 2019.
 


Just downloaded the Mojave 10.14.6 installer through the App Store link. Didn't have any problem connecting or downloading the installer. However, is there any way to know if this installer has the updated certificate? The creation date is Sept. 19, 2019, but I'm not sure that's relevant.
My newly downloaded installer also has a creation date of Sept. 19, 2019, so I'm relatively certain this is the new one with the new certificate. I believe it has been stated elsewhere on MacInTouch that you can inspect the package and check the certificate. The easiest way to check is to simply run it - if it runs, it's new. If it fails with an error then it's old.
I've already trashed an older Mojave installer, as well as the High Sierra installer, and I'm guessing my Sierra USB installation flash drive will no longer work.
Yes, your Sierra USB installation flash drive will no longer work. You'll need to create a new one using a new version of the installer, but as others have reported here, there appear to be problems with the new Sierra installer (also noted by the fact that Apple want you to download a disk image file for the new Sierra installer and not a proper, old-style installer).
 


My newly downloaded installer also has a creation date of Sept. 19, 2019, so I'm relatively certain this is the new one with the new certificate. I believe it has been stated elsewhere on MacInTouch that you can inspect the package and check the certificate. The easiest way to check is to simply run it - if it runs, it's new. If it fails with an error then it's old.
I've tried to get the updated Mojave twice. Both downloads had the Sept. 19 date but failed with the error when I tried to run them.
 


I just updated with "Security Update 2019-001 10.14.6" on a Mac Mini 8,1 (2018 Mini with T2 chip). According to LockRattler, the EFI firmware was just updated to 1037.40.124.0.0 with no other changes indicated.

While logging in to the updated system, I found the USB keyboard and mouse extremely erratic. Substituting a wireless keyboard allowed typing. I used Screen Sharing to connect from my MacBook Pro, and the trackpad works flawlessly, along with the usual MacBook Pro keyboard performance.

Externally, it looks as if there is a problem servicing HID inputs on USB.

I'm looking for corroboration from others and advice on how to proceed.
 


Ric Ford

MacInTouch
I just updated with "Security Update 2019-001 10.14.6" on a Mac Mini 8,1 (2018 Mini with T2 chip). According to LockRattler, the EFI firmware was just updated to 1037.40.124.0.0 with no other changes indicated.
Wow, I had to do some research to get any idea of what the ... Apple is doing here.

This "Security Update 2019-001" is apparently new and exclusive to macOS 10.14 Mojave.

Here are two different "Security Update 2019-001" packages that Apple distributed all the way back in January that appear to be completely unrelated to this new one.
As someone who had been documenting (or trying to document) Apple updates for other people for decades, I really do not appreciate such confusing Apple naming for critical security patches.
 

