MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security

Ric Ford

MacInTouch
On a 2015 MacBook Pro, running macOS 10.12.6 Sierra, I installed Security Update 2019-003 (plus Safari 12.1.1 and iTunes Device Support Update).

System/firmware after update:
Model Identifier: MacBookPro11,4​
Boot ROM Version: 192.0.0.0.0
SMC Version (system): 2.29f24​
System Version: macOS 10.12.6 (16G2016)​
Kernel Version: Darwin 16.7.0​
After today's Security Update 2019-004 and Safari 12.1.2 update:

Model Identifier: MacBookPro11,4​
Boot ROM Version: 194.0.0.0.0
SMC Version (system): 2.29f24​
System Version: macOS 10.12.6 (16G2127)​
Kernel Version: Darwin 16.7.0​
 


SilentKnight showed this for my "trashcan" Mac running Mojave:
Mac model MacPro6,1
EFI version found 130.0.0.0.0
⚠ Need to update EFI firmware.
❌ XProtect 2102 should be 2104
❌ Gatekeeper 147 should be 173
❌ MRT 1.40 should be 1.47
❌ TCC 16.0 should be 17.0
✅ KEXT 14.5.1 should be 14.5.1
 


I just installed the macOS Sierra updates (including Safari), and the MacBook Pro rebooted with Bluetooth disabled, which was quite disconcerting, as it said Bluetooth was "unavailable."
2016 MacBook Pro 15" touch-bar, Sierra 10.12.6. Following last night's updates, a wake-from-sleep (open up lid) initiates a reboot and the "your computer shutdown because of a problem" box with the invitation to send Apple a report (yes, please). The log seems to indicate a kernel panic. Once up and running, haven't had any surprise shutdowns.

This has happened about a half-dozen times so far. Did not notice (but will look for) the Bluetooth issue. To this date (going back to Mac OS 9), I have not ever had a post-update problem. The streak is over.
 


After installing the Security Update 2019-004 for High Sierra on a 2017 MacBook Pro with Touch Bar, if I close the lid of the computer to put it to sleep, then wake it by opening the lid, it will kernel panic 100% of the time. if I click on Sleep from the Apple menu, then wake it up by any means, it works just fine.
 


Interesting that iOS is shown as updated for the iPad Mini (1st Gen) from 9.3.5 to 9.3.6 but the iPod Touch 5th Gen is not included in that same upgrade. Both are (were?) limited to iOS 9.3.5. I checked the both my iPod and my iPad Mini and it didn't show 9.3.6 as an available upgrade for either. I wonder if they have not been actually released yet.
According to MacRumors, the update is to patch a GPS bug. Devices without GPS chips (iPod Touches and non-cellular iPads) won't see the update, and wouldn't benefit from it anyway.
 


After installing the Security Update 2019-004 for High Sierra on a 2017 MacBook Pro with Touch Bar, if I close the lid of the computer to put it to sleep, then wake it by opening the lid, it will kernel panic 100% of the time. if I click on Sleep from the Apple menu, then wake it up by any means, it works just fine.
In my case (2016 Touchbar MacBook Pro 15" running macOS Sierra), I’m having to do a full restart, no matter how I put it to sleep. Now, after closing lid, presumably into Sleep, the case bottom gets very, very hot. I have to do a full Shut Down to keep this from happening.

FWIW, at every single bad restart, I’m doing the Send Report to Apple bit. Was going to call the local Apple Store, but I’m pretty sure, as of now, they’ll claim to know nothing of this and will do much of the same troubleshooting I’ve done, and will want to reinstall OS, etc. etc.

I also re-downloaded the updater from Apple website and started the Install .pkg, which ran for about 5 sec., then nothing.
 


In my case (2016 Touchbar MacBook Pro 15" running macOS Sierra), I’m having to do a full restart, no matter how I put it to sleep. Now, after closing lid, presumably into Sleep, the case bottom gets very, very hot. I have to do a full Shut Down to keep this from happening.
FWIW, at every single bad restart, I’m doing the Send Report to Apple bit. Was going to call the local Apple Store, but I’m pretty sure, as of now, they’ll claim to know nothing of this and will do much of the same troubleshooting I’ve done, and will want to reinstall OS, etc. etc.
I also re-downloaded the updater from Apple website and started the Install .pkg, which ran for about 5 sec., then nothing.
Same problem here with a 2018 MacBook Pro 15" after installing the latest Mojave security update. This happens after sleep overnight. I have not yet experienced forced shutdowns after closing the lid for a few hours and then awakening with finger touch upon opening. I have FileVault enabled.

This is likely a bug that will be fixed shortly with another update.
 


Same problem here with a 2018 MacBook Pro 15" after installing the latest Mojave security update. This happens after sleep overnight. I have not yet experienced forced shutdowns after closing the lid for a few hours and then awakening with finger touch upon opening. I have FileVault enabled.
This is likely a bug that will be fixed shortly with another update.
I hope so. I have a 2016 MacBook Pro running Sierra and crash every time the computer goes to sleep.
 


Security Update 2019-004 for High Sierra has been pulled!
Howard Oakley said:
Don’t apply High Sierra Security Update 2019-004 – Apple has pulled it
Apple has pulled the High Sierra Security Update 2019-004 today as a result of numerous users suffering problems when their updated Macs go to sleep. These have been reported particularly in recent MacBook Pro models, such as the 15-inch 2017/2018.

Users are reporting that putting an affected MacBook Pro to sleep, such as by closing its lid, causes it to suffer a kernel panic and reboot. The only solution to this, other than preventing it from going to sleep, is to shut the Mac down instead. Which isn’t what you bought a MacBook Pro for, exactly.

If your Mac is affected by this, you should contact Apple Support, who by now should now what’s going on, and when the fix is coming.
I see that the Sierra Security Update 2019-004 was also pulled.
 


Ric Ford

MacInTouch
I see that the Sierra Security Update 2019-004 was also pulled.
Thanks for the update. Here's Howard Oakley's post:
The Eclectic Light Co. said:
Don’t apply High Sierra or Sierra Security Updates 2019-004 – Apple has pulled them both
Apple has pulled the High Sierra and Sierra Security Updates 2019-004 today as a result of numerous users suffering problems when their updated Macs go to sleep. These have been reported particularly in recent MacBook Pro models, such as the 15-inch 2017/2018.

Apple has also now pulled one of the BridgeOS updates necessary for the Mojave 10.14.6 update for certain models of Mac. Users who haven’t applied one of these recent updates are therefore wisest waiting now until Apple has addressed these problems properly.

Users are reporting that putting an affected MacBook Pro to sleep, such as by closing its lid, causes it to suffer a kernel panic and reboot. The only solution to this, other than preventing it from going to sleep, is to shut the Mac down instead. Which isn’t what you bought a MacBook Pro for, exactly. ...
 


Thank you for the post on the MacInTouch home page! I had been getting update notices on my High Sierra MacBook Air, and had been procrastinating.

I just checked on my Mojave 10.14.5 Mac Mini and Software Update says the 10.14.6 update is available, but the App Store says no update is available.

Anybody know if there are problems in the 10.14.6 update? For now I'm going to hold off.
 


Ric Ford

MacInTouch
... Anybody know if there are problems in the 10.14.6 update? For now I'm going to hold off.
It was a disaster here with a 2018 MacBook Pro, and I just saw another report noting problems with Apple's T2 system (BridgeOS):
Eclectic Light Co. said:
Best not to apply any of the latest macOS updates, including 10.14.6, for now
Apple has overnight pulled one of the two BridgeOS updates required to support its Mojave 10.14.6 update in certain Mac models.

In view of the removal of both the recent Security Updates 2019-004 for Sierra and High Sierra, it is probably wisest not to apply any of these latest macOS updates until Apple has resolved these issues – that now includes the Mojave 10.14.6 update. ...
 


I'm not seeing a sleep problem on four Sierra security updates on older machines:
  • iMac 12,2
  • iMac 13,2
  • Mac Pro 5,1
  • MacBook Pro 8,2
Knock on wood. I explicitly waited a few days before applying, too, in case of trouble reports. I always find it curious that companies say they test extensively before releasing, but upon release, instantly a flood of user complaints come out with such basic problems.
 


So I found an interesting issue: attempting to update to macOS 10.14.6 using the downloaded Combo updater on a 2018 Mac Mini on an isolated network (internal only, no internet access), the update fails.

Looking at the Log, it identifies that it needs a bridgeOS update (10.16.6568.0.0.0 or newer) but can't get it.

I'm contacting Apple Support now to find out how they suggest I update completely offline systems like these.
 


Looking at the Log, it identifies that it needs a bridgeOS update (10.16.6568.0.0.0 or newer) but can't get it.
Yes, that was pulled along with the Security Update 2019-004 for High Sierra and Sierra yesterday. Seems to be an issue with certain T1/T2 Macs crashing after sleep:
  • 2017 iMac Pro
  • 2018 Mac Mini
  • 2018-2019 Macbook Air
  • 2016-2019 MacBook Pro with Touch Bar.
I suggest you follow what this posting [discusses]:
Mr. Macintosh said:
 


I haven't experienced any issues with the High Sierra security update 2019-004 on my Mac Pro 5,1 so far. This includes applying the corresponding NVIDIA driver update.
 


I haven't experienced any issues with the High Sierra security update 2019-004 on my Mac Pro 5,1 so far. This includes applying the corresponding NVIDIA driver update.
Ditto here with a Mac Pro 5,1 and Sierra (except no video card update).
 


--- I just checked on my Mojave 10.14.5 Mac Mini and Software Update says the 10.14.6 update is available, but the App Store says no update is available. ...
As of recently, macOS and security updates are now accessed by the Software Update preference pane (or by various command-line and 3rd-party utilities, as in LockRattler and the like).
 


I upgraded a 2018 MacBook Pro to macOS 10.14.5 on July 21. The 10.14.6 update never even appeared in Software Update, which I thought was strange.

In any case, I don't usually upgrade right away unless there is some serious "in the wild" attack that is addressed. I usually monitor MacInTouch to see what kind of cutting edge bleeding is going on.
 


I updated three Macs yesterday from macOS 10.14.5 to 10.14.6, using the combo updater with no ill effects.

1) Retina MacBook Pro 13” late 2013
2) Retina MacBook Pro 13” 2016
3) Mac Mini late 2014

The 2016 model does the install, stops about 75% of the way through and needs the user password to continue, which it then does.
 



No problems so far with this one. I updated a 2015 iMac 5K (27-inch) and a 2018 MacBook Pro (Touch Bar) with this update. Both of these machines have High Sierra 10.13.6. While it did finally complete the update, the update was not smooth.

On the iMac, the update took almost an hour to finish and restarted at least 4 times. After that, it appears to be working fine.

On the MacBook Pro, the update went all the way through (with 2 or 3 restarts), then rebooted and appeared to have failed, as evidenced by the fact that it showed up again in Software Update. There was no warning or indication that the update failed. This update contained both the 2019-004 security update and a Safari update. The Safari update worked but the security update did not. So I ran it again, this time with only the security update. It ran through again, this time with no restarts, and appears to have worked.

Since then I've had no issues (fingers crossed)!
 


I haven't seen any problems (yet) on my 2019 MacBook Pro with Touch Bar (MacBookPro15,3), now running macOS 10.4.6 with boot ROM Version 220.270.99.0.0 (iBridge: 16.16.6568.0.0,0).

It does have a Vega20 graphics card. I run it in clamshell mode through a CalDigit TS3 Plus. (Maybe that is a configuration that happens not to suffer the problem.)
 


Updated a 2015 iMac 5K to macOS 10.14.6 this morning with no issues — a couple of restarts, but it was done in about 10-15 minutes. I did not see anything mentioning the 2019-004 Security Update, but perhaps this is because I waited until I saw that it was pulled from distribution.
 




Nothing really new, same as what we have heard about Google:
The Guardian said:
Apple contractors 'regularly hear confidential details' on Siri recordings
Although Apple does not explicitly disclose it in its consumer-facing privacy documentation, a small proportion of Siri recordings are passed on to contractors working for the company around the world. They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental, whether the query was something Siri could be expected to help with and whether Siri’s response was appropriate.

... The whistleblower said: “There have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on. These recordings are accompanied by user data showing location, contact details, and app data.”
 



Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts