MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security


Thanks for reminding me how ghastly and clumsy Apple's Downloads pages have become. It takes real effort to combine the worst elements of text-driven searching and big-buttoned browsing to create a flattened interface for navigating through what is essentially hierarchical information.
 


I can't get the App Store to download the full Mojave installer. Is this related to the security updates being withdrawn?
I faced the same situation last week, before the update withdrawals. Further, I remember seeing a lot of discussions when Mojave (or HIgh Sierra?) was first released, both here and on other sites, that made it sound like the App Store stub-triggers-full-Installer-download design is now Apple's standard for OS installs. If I remember correctly, it has something to do with the decoupling of macOS software from Apple IDs.
 


I can't get the App Store to download the full Mojave installer. Is this related to the security updates being withdrawn?
Are you using this ‎macOS Mojave link? Are you able to download anything?

In addition to the stub download issues, there have been reports of installation failures on selected T2-based Macs that are related but no complete failure to download anything that I'm aware of.
 


I faced the same situation last week, before the update withdrawals. Further, I remember seeing a lot of discussions when Mojave (or HIgh Sierra?) was first released, both here and on other sites, that made it sound like the App Store stub-triggers-full-Installer-download design is now Apple's standard for OS installs. If I remember correctly, it has something to do with the decoupling of macOS software from Apple IDs.
I thought that when this happened before, ultimately it was determined that it was due to a temporary problem in the App Store.

I had no trouble downloading the full installer for previous versions of Mojave.
Are you using this ‎macOS Mojave link? Are you able to download anything?
Yes, it downloads the stub installer.

(I tried clearing the App Store cache.)
 


It pretty much comes with the technology. That type of speech recognition is a type of machine learning, and if left to itself, its algorithms can go off the rails, like the infamous Microsoft chatbot that evolved into a racist troll after less than 24 hours of unfiltered Twitter feed. The usual solution is having humans check results. That can be a problem with private information.
I think part of the problem lies with the use of non-employees, who are much less bound to any Apple employee conduct guidelines than Apple's own workers. Apple and other companies in this business whose employees regularly have access to private or sensitive information should be vetted and bonded to the proper use of it. I, as a user, wittingly or not, share my information with Apple, not other parties of whom I have no knowledge or with whom I have no recourse in the event my information is compromised, mishandled, stolen, or misused.
 


Ric Ford

MacInTouch
Oh, look, here they are, back again...
I installed Security Update 2019-004 Sierra the first time, and it is listed in Mac App Store > Updates as applied on July 22, but the App Store wants to install it again, this time calling it "Security Update 2019-004 10.12.6" vs. the first version, which was just named "Security Update 2019-004", although it also applied to macOS 10.12.6....

Here are some more details from Howard Oakley:

I guess I'll do more backups, log my system/firmware versions, and reinstall Security Update 2019-004 Sierra on top of Security Update 2019-004 Sierra on two Macs, log the updated system/firmware versions, and then do the same dance for Mojave and High Sierra systems....
 


Ric Ford

MacInTouch
(There's no T1 or T2 subsystem in the 2017 iMac, thus no BridgeOS.)

2017 iMac 5K, running macOS Sierra, after the first Security Update 2019-004 Sierra:
Model Identifier: iMac18,3​
Boot ROM Version: 175.0.0.0.0​
SMC Version (system): 2.41f1​
System Version: macOS 10.12.6 (16G2127)​
Kernel Version: Darwin 16.7.0​

After installing the second version, Security Update 2019-004 10.12.6:
Model Identifier: iMac18,3​
Boot ROM Version: 175.0.0.0.0​
SMC Version (system): 2.41f1​
System Version: macOS 10.12.6 (16G2128)​
Kernel Version: Darwin 16.7.0​

I installed a vanilla macOS Sierra system from a USB flash install stick last week. It has not yet had the following updates installed, but note that the App Store did not list the first Security Update 2019-004 this time, even though I never installed it:
  • iTunes 12.8.2
  • iTunes Device Support Update
  • Remote Desktop Client Update 3.9.3
  • Safari 12.1.2
  • Security Update 2019-004 10.12.6
The older macOS Sierra system firmware and kernel are the same versions as on the updated systems — only the system build number is different (and different in format):
Model Identifier: iMac18,3​
Boot ROM Version: 175.0.0​
SMC Version (system): 2.41f1​
System Version: macOS 10.12.6 (16G29)​
Kernel Version: Darwin 16.7.0​

#firmware #securityupdate
 



Ric Ford

MacInTouch
Here's a pretty big Apple security flaw, patched only in the latest iOS release after Apple was notified a couple of months ago:
Bleeping Computer said:
Apple iMessage Flaw Lets Remote Attackers Read Files on iPhones

An iMessage vulnerability patched by Apple as part of the 12.4 iOS update allows potential attackers to read contents of files stored on iOS devices remotely with no user interaction, as user mobile with no sandbox. The security flaw tracked as CVE-2019-8646 was discovered by Google Project Zero security researcher Natalie Silvanovich who reported it to Apple during May.
 


System Version: macOS 10.12.6 (16G2127) {after first 2019-004 update}
System Version: macOS 10.12.6 (16G2128) {after second 2019-004 update}
System Version: macOS 10.12.6 (16G29) {after install from USB flash drive}
These are expected.
Wikipedia said:
Hackers can confirm or see build numbers without installing by using Pacifist to poke around installer packages and/or mount BaseSystem.dmg from an "Install Mac OS" app. The file containing the build number is
/System/Library/CoreServices/SystemVersion.plist
 


After a week of troubleshooting, I determined the last security update broke file sharing on my main workhorse (2015 MacBook Pro) running Sierra. I keep it in sync with documents on my 2018 Retina MacBook Air.

My error was having the box checked that said to always download and install security updates. Doh!

After resetting the router, needlessly updating to High Sierra (stuck with APFS), I gave up - until I saw notice of the new security update today. Installed it and voila! File sharing works as it always did.

It all came together after researching the topic, and the best information came from MacInTouch threads in November 2017, when a previous security update broke file sharing. Thanks to all who posted to that topic!
 


I installed a vanilla macOS Sierra system from a USB flash install stick last week. It has not yet had these updates installed, and note that the App Store does not list the first Security Update 2019-004:
  • iTunes 12.8.2
  • iTunes Device Support Update
  • Remote Desktop Client Update 3.9.3
  • Safari 12.1.2
  • Security Update 2019-004 10.12.6
Its firmware and kernel are the same — only the system build number is different (and oddly different in format):

Model Identifier: iMac18,3​
Boot ROM Version: 175.0.0​
SMC Version (system): 2.41f1​
System Version: macOS 10.12.6 (16G29)​
Kernel Version: Darwin 16.7.0​
Firmware is associated with the computer and will not vary by macOS version. Once installed by any installer, it will stay the same until a newer version is released on a subsequent installer.

macOS 10.12.6 (16G29) is the release version of 10.12.6, so the Security Update 2019-004 was not installed.
 


Ric Ford

MacInTouch
Firmware is associated with the computer and will not vary by macOS version. Once installed by any installer, it will stay the same until a newer version is released on a subsequent installer.
I guess it's installed in the invisible EFI partition — the first partition on the drive. If I install Mojave on a Sierra system, does it update the EFI firmware in the process? (I think it's a prerequisite for running Mojave.) But, then, can I still boot Sierra from that drive after Mojave has put its own, updated firmware in the EFI partition? (I guess so, since I can boot both macOSes from the same drive.) But if I erase the drive and clean-install Sierra, will that prevent Mojave from booting?
macOS 10.12.6 (16G29) is the release version of 10.12.6, so the Security Update 2019-004 was not installed.
Security Update 2019-004 was not included in the standalone installer, but it's queued as an update now for the installed system.
 


If I install Mojave on a Sierra system, does it update the EFI firmware in the process? (I think it's a prerequisite for running Mojave.) But, then, can I still boot Sierra from that drive after Mojave has put its own, updated firmware in the EFI partition?
Yes and yes. That's some of what makes EFI updates so complicated, in that they must be backward-compatible with any macOS that model is capable of running.

But very little of what's contained in EFI has anything to do the OS — most, if not all, recent updates have been needed to patch [low-level] vulnerabilities and compatibility with the CPU and other hardware features.
But if I erase the drive and clean-install Sierra, will that prevent Mojave from booting?
Security Update 2019-004 will reinstall the EFI update, so that Mojave will boot.
 


No problems with the update on my Hackintosh or my 2013 Mac Pro.

I must say that the more I hear about the T2-based Macs, the less inclined I am to ever get one. The security enhancements read great but don't seem to have much real-world relevance, unlike the tradeoffs in upgradeability, serviceability, and overall system reliability.
 


I guess it's installed in the invisible EFI partition — the first partition on the drive.
One other thing that might help here: Although EFI is uploaded to a normally hidden partition of the boot drive, it's just an interim placement which is transferred to the computer's firmware at first boot after a change.

I don't believe that an older version will ever replace a newer version on the computer — if you were to totally erase the drive and install an older EFI partition, it should not impact your ability to boot any hardware-compatible macOS.
 


There were two High Sierra updates that came through the App Store. I installed the first one on July 23 and the replacement yesterday. Neither created problems, but I installed both just in case.
 


This may seem like a stupid question, but should I install the new macOS 10.14.6 update over the old one or just leave things alone? I have not had any problems with the old 10.14.6 update on my 2017 MacBook.
 


Ric Ford

MacInTouch
This may seem like a stupid question, but should I install the new macOS 10.14.6 update over the old one or just leave things alone? I have not had any problems with the old 10.14.6 update on my 2017 MacBook.
It's a very confusing situation, but Apple's macOS 10.14.6 download page shows a date of July 22.

One thing you could do is run Howard Oakley's SilentKnight, which will report on the various components and their update status. But if macOS wants to install an update, it should be OK. Just be sure to make a good, complete backup and set that aside before doing the update, since they can sometimes go wrong (or very wrong).

I installed macOS 10.14.6 on a 2018 MacBook Pro on July 23, and there is no new update shown in System Preferences > Software Update. Here are the current versions on this system, which SilverKnight reports is up to date:
Model Identifier: MacBookPro15,2​
Boot ROM Version: 220.270.99.0.0 (iBridge: 16.16.6568.0.0,0)​
System Version: macOS 10.14.6 (18G84)​
Kernel Version: Darwin 18.7.0​
 


This may seem like a stupid question, but should I install the new macOS 10.14.6 update over the old one or just leave things alone?
There is no new macOS 10.14.6 update.

The updates only involved macOS 10.12.6, 10.13.6 and BridgeOSUpdateCustomer for some people with a T1/T2 Mac.

If System Preferences > Software Updates tells you that you need something, go ahead and install it — otherwise, "just leave things alone".
 


I guess it's installed in the invisible EFI partition — the first partition on the drive. ...
One other thing that might help here: Although EFI is uploaded to a normally hidden partition of the boot drive, it's just an interim placement which is transferred to the computer's firmware at first boot after a change.
On a typical EFI-based PC, the EFI partition contains extensions to the motherboard's ROMs in order to provide support for add-on hardware and bug fixes for the ROM-based firmware. During the pre-boot sequence, the ROM-based firmware will load device drivers from that partition in order to make the associated hardware available to the operating system's boot loader.

On Macs, however, Apple puts all of their firmware in the BootROM (flash memory on the motherboard, separate from any SSD that may be present). Third-party hardware that is to be used during the pre-boot sequence must have extension ROMs containing the drivers (which is why video cards without Mac-compatible ROM code don't work until after macOS loads). If you mount the EFI partition, you will almost certainly find it empty. As far as I know, if you try to manually put an EFI driver in there, it will be ignored by the BootROM and won't actually load.

As I understand it, Apple's firmware updaters may use the EFI partition as temporary storage while performing the firmware update, but that update will write the updated firmware into your BootROM storage. Once the BootROM is updated, those files will be deleted from the EFI partition.
 


Ric Ford

MacInTouch
Marcel Bresink, who created TinkerTool and other Mac software, posted some helpful notes (emphasis added):
Marcel Bresink Software-Systeme said:
Blog

July 29, 2019:
Apple releases new software via macOS Software Update:
  • Security Update 2019-004 for macOS Sierra (Update Product ID: 041-93815)
  • Security Update 2019-004 for macOS High Sierra (Update Product ID: 041-93819)
  • BridgeOS Customer Update (Update Product ID: 041-93793)
  • Whitelist for Macintosh firmware security checks (“EFICheck AllowList”), version 71 (Update Product ID: 041-82043)
BridgeOS is the secondary hardware management operating system running on the Apple T2 processors of selected Macintosh model series.

July 24, 2019:
Apple has officially withdrawn the following updates, originally published on July 22:
  • Security Update 2019-004 for macOS Sierra (Update Product ID: 041-59910)
  • Security Update 2019-004 for macOS High Sierra (Update Product ID: 041-59906)
  • BridgeOS Customer Update (Update Product ID: 041-51542)
These updates are known to cause operating system crashes on specific Macintosh model series.
...
July 22, 2019:
Apple releases new software via macOS Software Update:
  • macOS Mojave 10.14.6 Update (Update Product ID: 041-88928)
  • macOS Mojave 10.14.6 Combo Update (Update Product ID: 041-88925)
  • macOS Mojave 10.14.6 Upgrade for users of macOS Sierra (Update Product ID: 041-88929)
  • Security Update 2019-004 for macOS Sierra (Update Product ID: 041-59910)
  • Security Update 2019-004 for macOS High Sierra (Update Product ID: 041-59906)
  • Safari 12.1.2 for macOS Sierra (Update Product ID: 041-62930)
  • Safari 12.1.2 for macOS High Sierra (Update Product ID: 041-56829)
  • BridgeOS Customer Update (Update Product ID: 041-51542, 041-88933)
  • Gatekeeper version 173 Configuration Data (Update Product ID: 041-88218)
  • Command Line Tools for Xcode 10.3 and macOS 10.14 (Update Product ID: 041-86543)
 



FWIW, here's what the EFI partition on my Mac Pro 6,1 looks like. Not entirely empty, but not much there, either.
Interesting. I wonder if a system update was interrupted during an update, since you've got all those cache files.

But it does appear that Apple is putting something in there these days. The last time I checked, my EFI partition just had a few empty directories, but I just checked on my system (2011 MacBook Air running Sierra):
Bash:
diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *121.3 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Grover                  120.5 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3

sudo mount -t msdos -o rdonly /dev/disk0s1 tmp
cd tmp
ls -Rl
total 1
drwxrwxrwx  1 dcharlap  staff  512 Mar 31  2017 EFI/

./EFI:
total 1
drwxrwxrwx  1 dcharlap  staff  512 Jul 29  2017 APPLE/

./EFI/APPLE:
total 2
drwxrwxrwx  1 dcharlap  staff  512 Mar 31  2017 EXTENSIONS/
drwxrwxrwx  1 dcharlap  staff  512 Jul 29 22:28 FIRMWARE/

./EFI/APPLE/EXTENSIONS:
total 30722
-rwxrwxrwx  1 dcharlap  staff  15729264 Jul 29 22:34 Firmware.scap

./EFI/APPLE/FIRMWARE:
total 16514
-rwxrwxrwx  1 dcharlap  staff  8454768 Jul 29 22:28 MBA41.scap
A copy of Firmware.scap can be found in /usr/standalone/i386.
MBA41.scap is definitely hardware related (since the computer is a MacBook Air 4,1).

Which is very interesting. One of the things Apple used to write about is that their BootROM code understands HFS+ (and now APFS) and therefore doesn't need a FAT-formatted partition (the EFI partition) to hold the bootloader and related code.

The files are dated this past Monday night, when I installed Security Update 2019-004 and I didn't interrupt the upgrade. So now the big question is if they are actually being used or if they are temporary files that didn't get deleted.
 


El Capitan's last security update was released in July 2018 (Security Update 2018-004 El Capitan), which leads me to wonder if this month's Security Update 2019-004 will be the end of the road for Sierra. Even if it's not, it seems prudent for Sierra users to start giving some serious thought to when/whether they will move to a newer OS.

I really wish Apple would publish an official lifecycle support policy for its software, rather than leaving us guessing.
 


Ric Ford

MacInTouch
El Capitan's last security update was released in July 2018 (Security Update 2018-004 El Capitan), which leads me to wonder if this month's Security Update 2019-004 will be the end of the road for Sierra. Even if it's not, it seems prudent for Sierra users to start giving some serious thought to when/whether they will move to a newer OS.
I've been wondering about the same thing. An experimental update to Mojave wasn't great, but I've avoided High Sierra because of its horrendous quality and security problems initially.

I'm wondering if High Sierra is now good enough to replace Sierra (where I'm finding a few bugs, too, in color/display handling and there may be more).

I also wonder about HFS+ vs. APFS for High Sierra. I understand the benefits of APFS (particularly for snapshots, as recently discussed for security and backups), but I don't understand whether or not High Sierra APFS has somehow been updated to the newer APFS code of Mojave, and I'm also not sure whether HFS+ or APFS would be best for a High Sierra boot drive.
 


I've been wondering about the same thing. An experimental update to Mojave wasn't great, but I've avoided High Sierra because of its horrendous quality and security problems initially.
Exactly. I'm not interested in Dark Mode, and the few truly useful new features since Sierra don't seem to outweigh the pitfalls of Apple's increasing focus on pushing consumption of its "services" instead of enhancing productivity.

I hesitate to go any further down the "services" road than is absolutely necessary, which would suggest High Sierra for now, but perhaps it would be better just to suck it up and move to Mojave, accepting the nag messages, "services," and other questionable changes, to avoid having to do another major update later. (Experimenting with the Catalina beta has gone much better than I expected, but I don't see myself moving to it in the foreseeable future, if ever.)

My main personal machine is a mid-2012 MacBook Pro (non-Retina). The apps and documents on its drive can be traced through an unbroken string of in-place upgrades and Migration Assistant machine transfers all the way back to a 12" PowerBook G4 running Panther, so I'm thinking it may be time to clear the cruft and do a full nuke-and-pave clean install of whatever comes next. If I'm going to do the work of a new installation, it seems Mojave would be a better use of my time and labor than High Sierra, at least in terms of how long it will be before Mojave itself reaches end-of-life.

I remember decades of excitedly installing a new version of Mac OS as soon as it was released. The idea that someday I would try to delay installing a new version of Mac OS by years just seems insane to me.
 



A copy of Firmware.scap can be found in /usr/standalone/i386.

MBA41.scap is definitely hardware-related (since the computer is a MacBook Air 4,1).
I discovered the very useful UEFITool, which can unpack .scap files. At least some of the MBA41 contents are updates to the boot ROM, but I’m not sure if any of it is needed after the updates are applied.
 


I also wonder about about HFS+ vs. APFS for High Sierra.
Although my production OS is Sierra, I also have a High Sierra boot drive that I use for testing. Unwilling to try APFS in the early versions of High Sierra, I was able to create an HFS+ drive for it.

I think APFS in Mojave is probably more polished and wonder if any of the changes were backported to High Sierra.

But in the long run, I'll probably install the final version of Mojave on the Mac Pro 5,1. Catalina is not going to be an option.
 


... If you mount the EFI partition, you will almost certainly find it empty. As far as I know, if you try to manually put an EFI driver in there, it will be ignored by the BootROM and won't actually load.....
Even if Apple primarily just uses it as scratch space, it is a useful partition to leave in place. Alternative EFI bootloader applications may use that partition (e.g., rEFInd), and other OS (Windows may stuff some supplementary things there — at least on pre-T2 systems).

However, even if there are no working drives in a Mac system, the computer still should be able to boot into EFI. Nothing critical to booting into EFI should be there, because the drive may not always be there.

For T2 systems, even if there is something there, the system is booting in secure boot mode at least through the EFI stage. Even if there was something there, if it isn't properly signed it still won't get loaded. The T2 puts a barrier by the master copy of the EFI boot image where it can't be directly accessed. The system will get a copy of that to work with when the system boots (so post boot code injections are not [an attack] vector).
 


I did Security Update 2019-004 for both the Sierra and High Sierra boot drives on my Mac Pro 5,1 quad-core 2.8GHz machine today.

The Sierra boot drive is a Samsung 850 EVO SSD mounted on a PCIe card.
The High Sierra boot drive is a Samsung 860 EVO SSD mounted in the SATA bay.

The Sierra update took about 4 minutes. The High Sierra update was longer and took about 9 minutes with one extra reboot. There was no change to the firmware.
Code:
  Boot ROM Version:                MP51.0089.B00
  SMC Version (system):            1.39f11
  SMC Version (processor tray):    1.39f11
The EFI partition -> Firmware.scap was updated on some drives but not all.
 


Ran into an issue last week trying to update our 2018 Mac Minis, which we use for exhibits (at a museum) to macOS 10.14.6 to hopefully fix some display issues we've seen. The downloaded Combo updater just fails with a generic error. Relevant portion of log:
Jul 25 07:36:58 EXH-<ComputerName> softwareupdated[338]: Attempting to adopt manual product: macOS 10.14.6 Update
Jul 25 07:37:12 EXH-<ComputerName> softwareupdated[338]: bridgeOS: Minimum bridge version requirement not satisfied (16.16.6568.0.0,0), will search for bridgeOS update
Jul 25 07:37:12 EXH-<ComputerName> softwareupdated[338]: bridgeOS: Active product _ManualUpdate requires bridgeOS update to version 16.16.6568.0.0,0 or newer. Scanning for active bridgeOS update.
Jul 25 07:37:12 EXH-<ComputerName> softwareupdated[338]: SoftwareUpdate: Could not obtain bridgeOS update required for adoption at /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/com.apple.SoftwareUpdate/localhost/AdoptedManual/macOSUpdCombo10.14.6.pkg
Jul 25 07:37:12 EXH-<ComputerName> softwareupdated[338]: Manual product is nil, therefore an error occured, stashing token will NOT be created...
Jul 25 07:37:12 EXH-<ComputerName> Installer[19710]: ManualAdoption: Error adopting /Volumes/macOS 10.14.6 Update/macOSUpdCombo10.14.6.pkg: Error Domain=SUErrorDomain Code=605 "An error occurred installing the update." UserInfo={NSLocalizedDescription=An error occurred installing the update., NSLocalizedRecoverySuggestion=}
Jul 25 07:37:12 EXH-<ComputerName> Installer[19710]: ManualAdoption: stashToken is Nil, softwareupdated did not authorize a token, stashing has failed!
Jul 25 07:37:12 EXH-<ComputerName> Installer[19710]: Failed to adopt update: An error occurred installing the update.
After a couple of attempts and getting escalated up apparently to Apple Enterprise Support (we have over 200 Macs and a similar number of iOS devices), the official answer was that the only way to update T2-based Macs is to have Internet access. There is no way to do an offline update.

We keep our exhibit computers on an isolated network for security reasons - no internet access.

I know we aren't the only ones that keep at least some computers isolated from the internet - I've known individuals and companies that keep production computers entirely offline or isolated - no email, no web browsing - and the combo updaters were the way to keep the OS updated (along with app update downloads).

I am trying to escalate to get a solution for true offline updates and have provided feedback through the Apple website, but if they hear from more people that it is an issue, or would be an issue that could keep people from purchasing a new model, it is more likely to be flagged as something they need to do.
 


El Capitan's last security update was released in July 2018 (Security Update 2018-004 El Capitan), which leads me to wonder if this month's Security Update 2019-004 will be the end of the road for Sierra.
Probably, but there is still time before Catalina release if a sufficiently serious vulnerability is found anytime soon. But you have to go all the way back to Mountain Lion to find a Security Update released after July.

In my experience (and that of many other users I work with), High Sierra was a big improvement over Sierra, and at the time I updated, I had absolutely no APFS issues on my iMac with a spinning hard drive that was never reformatted from HFS+. Users who converted to APFS did report access appeared slower.
 



Where did you see improvements, specifically?
Primarily stability. I still see crashes occasionally when I spend time in Sierra that I never found in High Sierra. Most of them occur after I've left my computer overnight without shutting down.

I also experienced issues with background updates not occurring when they should have, but those seem to have been resolved somehow.
 


Ric Ford

MacInTouch
I still see crashes occasionally when I spend time in Sierra that I never found in High Sierra. Most of them occur after I've left my computer overnight without shutting down.
Sierra doesn't crash on me in constant use with lots of sleep and wake and display sleep and wake, plus shutdown/restart usually a few times per day.

However, I did have a pretty nasty problem with crashing/corruption associated with sleep/wake while using a 4K monitor. Switching back to a 1440p display resolved the problem. I haven't had enough free time to go back to try to isolate the cause (but tests indicated that it was not related to SwitchResX).

I also got different crashes while working with settings in System Preferences > Displays > Color, raising more concerns about bugs in Sierra's display/color software.

Meanwhile, I'm having nightmarish Bluetooth problems that started just this month, where I can't pair Logitech Triathlon bluetooth mice for the life of me, even though I'm using one full time on Bluetooth, and I've been able to pair them with Mojave and a fresh Sierra install (not up to date). Hours of troubleshooting and testing many different factors haven't helped.

I just bought a Contour Mouse wired mouse (from Contour Designs) to work around this problem, and the Logitech WiFi receiver security problems, and pain from trying to use Apple's "Magic" Mouse. The wired Contour mouse locks up on wake from sleep, so I have to unplug it and plug it in again to the USB port. I’ve only tried it with Sierra on the iMac, so far.

As noted elsewhere, Spotlight (mds_stores) in Sierra seems to be using a crazy amount of CPU and storage resources.

If High Sierra solved all these problems, has reliable/updated APFS code, and lets me choose HFS+ or APFS, it might make sense to update, though I'm not looking forward to more Apple "machine learning" for silent analysis of personal data of all types, and I don't like the boot delays I've experienced with APFS.
 


Ric Ford

MacInTouch
2017 iMac 5K, running macOS Sierra, after the first Security Update 2019-004 Sierra:
Model Identifier: iMac18,3
Boot ROM Version: 175.0.0.0.0
SMC Version (system): 2.41f1
System Version: macOS 10.12.6 (16G2127)​
Kernel Version: Darwin 16.7.0​
2015 MacBook Pro 15", running macOS Sierra, after the first Security Update 2019-004 Sierra:
Model Identifier: MacBookPro11,4
Boot ROM Version: 194.0.0.0.0
SMC Version (system): 2.29f24
System Version: macOS 10.12.6 (16G2127)​
Kernel Version: Darwin 16.7.0​

I came up with this idea:
  1. Clone the boot drive to a backup clone with Carbon Copy Cloner.
  2. Clone the boot drive to a second backup clone with Carbon Copy Cloner. Set this one aside.
  3. Install the software update (i.e. the second Security Update 2019-004, in this case).
  4. Clone again to the first backup volume with Carbon Copy Cloner with SafetyNet on.
  5. Review the contents of the SafetyNet folder for this latest backup to see what changed in the software update between backups.
2015 MacBook Pro 15", running macOS Sierra, after the second Security Update 2019-004 Sierra (SecUpd2019-004Sierra.dmg, created Jul 29, 2019, 9:00 PM)
Model Identifier: MacBookPro11,4​
Boot ROM Version: 194.0.0.0.0​
SMC Version (system): 2.29f24​
System Version: macOS 10.12.6 (16G2128)​
Kernel Version: Darwin 16.7.0​

What changed between the first Security Update 2019-004 Sierra update and the second, according to SafetyNet? Wow, a lot more than I'd expected... many hundreds (thousands) of files - too many to detail.
 


What changed between the first Security Update 2019-004 Sierra update and the second, according to SafetyNet? Wow, a lot more than I'd expected... many hundreds (thousands) of files - too many to detail.
I suppose I should become more comfortable with SafetyNet before replying, but I'll give it a try anyway.

I do know that the update was recompiled because all the dates that I examined were changed to 7/25, but I didn't bother to check whether the content had changed in any way. If SafetyNet is checking all aspects of those new files, including creation date and inode, then it's not surprising. If it's checking the hash value of the file, then that's what I would be most interested in. If the hash didn't change, then the code wasn't changed, either. Recompiling from source will change the creation and/or modification date. Replacing the file on your drive will change the inode (exact location on the drive).
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts