
Apple's Mac Security Updates

My version of XProtect also went to 2101(1), 1 minute before MRT was updated.
macOS 10.12.6 Sierra, iMac mid 2011 (according to Critical Updates).
 


Howard Oakley said:
Apple has pushed an update to MRT
Apple has just pushed an update to its malware removal tool, MRT, for macOS, bringing its version number to 1.38. The last update brought version 1.35 nearly six months ago (19 June 2018), and Apple seems never to have released versions 1.36 or 1.37. Apple doesn’t provide any information on what changes this update brings. As it now obfuscates the names of malware which it can detect and remove, it appears impossible to correlate changed strings in the app with any malware known outside Apple.
Wouldn't it make sense that Apple might want to play its security cards close to the chest with respect to MRT? Why let malware coders know what you've got on them?
 


Wouldn't it make sense that Apple might want to play its security cards close to the chest with respect to MRT? Why let malware coders know what you've got on them?
No? A Mac malware author surely has a Mac, can test to see if theirs is blocked, and possibly evaluate Apple's blocking mechanism in order to adapt their tool.

Opacity deprives normal, legal users of knowing how Apple is protecting macOS systems, though most of us depend on security experts and tech journalists for that insight.
 


Ric Ford

MacInTouch
2015 MacBook Pro firmware before installing today's Safari and macOS 10.12 security updates:
Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
After doing multiple backups and installing Apple's updates:
Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
There were no firmware changes from installing Security Update 2019-001 (Sierra) and Safari 12.0.3 today on a 2015 MacBook Pro:

Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
 


Ric Ford

MacInTouch
After installing macOS Mojave 10.14.2 (which was a weird, confusing process involving multiple black-screen phases, where it was unclear whether the computer was off or on, among other phases):
Model Identifier: MacBookPro15,2
Boot ROM Version: 220.230.16.0.0 (iBridge: 16.16.2542.0.0,0)
System Version: macOS 10.14.2 (18C54)
Installing the macOS Mojave 10.14.3 update did change firmware in a 2018 MacBook Pro:

Model Identifier: MacBookPro15,2
Boot ROM Version: 220.240.2.0.0 (iBridge: 16.16.3133.0.0,0)
System Version: macOS 10.14.3 (18D42)
 


Ric Ford

MacInTouch
Apple issued silent updates to its Gatekeeper software today, also:
The Eclectic Light Co. said:
Apple has pushed an update to Gatekeeper’s data – additional to system updates
Apple has just pushed an update to the data used by Gatekeeper, bringing its version number to 160, dated 22 January 2019. Note that this isn’t included in the simultaneous updates to Mojave, High Sierra, and Sierra, and must be downloaded and installed afterwards.

Apple provides no details as to what changes this update brings, but it is normally expected to include recent revocations of security certificates used in signing software.
 



Apple issued silent updates to its Gatekeeper software today, also:
Just updated to macOS 10.14.3 today, and the install list in software installations shows the Gatekeeper update to 160, so now it appears that the Gatekeeper update does come with the system update, at least on my 2012 MacBook Pro Retina.

But, wait, there's more... the system update did not install Gatekeeper 160 on my 2015 iMac 5K? It's still on 158. Is this a problem only for newer units?

Apple is getting more mysterious as the years go by - used to be premium service, now more like getting car parts from a junkyard; some work and some don't, but those are the chances.
 


Ric Ford

MacInTouch
Just updated to macOS 10.14.3 today, and the install list in software installations shows the Gatekeeper update to 160, so now it appears that the Gatekeeper update does come with the system update, at least on my 2012 MacBook Pro Retina. But, wait, there's more... the system update did not install Gatekeeper 160 on my 2015 iMac 5K? It's still on 158. Is this a problem only for newer units?
I had a similar experience. The Gatekeeper update appeared on a 2018 MacBook Pro after the macOS 10.14.3 update, but it did not appear on a 2015 MacBook Pro after Security Update 2019-001 (Sierra) - I had to force it (using LockRattler) to get Gatekeeper up to version 160 on the 2015 MacBook Pro (though it may have happened eventually, if I'd waited - I don't know).
 


I had a similar experience. The Gatekeeper update appeared on a 2018 MacBook Pro after the macOS 10.14.3 update, but it did not appear on a 2015 MacBook Pro after Security Update 2019-001 (Sierra) - I had to force it (using LockRattler) to get Gatekeeper up to version 160 on the 2015 MacBook Pro (though it may have happened eventually, if I'd waited - I don't know).
I updated a 2018 Mac Mini 8,1 from macOS 10.14.2 to 10.14.3 late yesterday after a full Carbon Copy Cloner backup. I also used LockRattler to install Gatekeeper version 160.

Today I did another Carbon Copy Cloner backup of the boot volume, and Carbon Copy Cloner said it copied 8.29 GB. I had done nothing but read the mail and MacInTouch.
 


Ric Ford

MacInTouch
Today I did another Carbon Copy Cloner backup of the boot volume, and Carbon Copy Cloner said it copied 8.29 GB. I had done nothing but read the mail and MacInTouch.
I've seen some very large incremental backups caused by small changes in very large mailbox files (e.g. a big Outbox).
 


I've seen some very large incremental backups caused by small changes in very large mailbox files (e.g. a big Outbox).
This was Apple Mail with mostly messages from my mail.com account. There weren't more than fifty messages, most of which were mailing list traffic that was skimmed, trashed, and deleted. I don't currently use Outlook. I also had not run my Windows 10 VM.
 


Apple issued silent updates to its Gatekeeper software today, also:
FYI: System Information shows that my iMac 18,3 updated itself to Gatekeeper 160 about an hour ago. This was approximately coincident with an App Store notification for the 2019-001 security update (macOS 10.13.6) and Safari 12.0.3, all of which I will download tomorrow.
 


FYI: System Information shows that my iMac 18,3 updated itself to Gatekeeper 160 about an hour ago. This was approximately coincident with an App Store notification for the 2019-001 security update (macOS 10.13.6) and Safari 12.0.3, all of which I will download tomorrow.
Just checked again on my 2015 iMac, and it has now updated. I have auto updates off but security updates on in prefs, so maybe they are rolling out distribution a bit slowly, or something.
 


I updated a 2018 Mac Mini 8,1 from macOS 10.14.2 to 10.14.3 late yesterday after a full Carbon Copy Cloner backup. I also used LockRattler to install Gatekeeper version 160. Today I did another Carbon Copy Cloner backup of the boot volume, and Carbon Copy Cloner said it copied 8.29 GB. I had done nothing but read the mail and MacInTouch.
Just checked Gatekeeper on my iMac model 12,1 (mid-2011) ... I have not installed the security update or anything else at this point. Checked Gatekeeper; it is now at version 160, with no other installations.
 


There is a long thread here in MacInTouch from folks, like me, who are not able to get the macOS 10.14.3 combo updater to work. I downloaded a 4th copy of the combo updater last night, as you did, and it still does not work for me (retina MacBook Pro, late 2013).
This issue also affects the security update for High Sierra. I had to use the App Store update feature to install on my wife’s old 2011 MacBook Pro 13”. The downloaded installer errored out as described above.
 



... A link to Apple security updates indicates this was issued Feb 5. However, a link on that page to https://support.apple.com/kb/HT29854 comes up with
We're sorry.
We can't find the page you're looking for. ...
I see the same thing you do (and reported it to Apple), but I think the real page that gives details of the Mojave Security update is at

To actually do the update, I found going through the System Preferences -> Software Update route to work for me (three different computers... all just fine).
 


There were no firmware changes from installing Security Update 2019-001 (Sierra) and Safari 12.0.3 today on a 2015 MacBook Pro:

Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
Some feedback on the Sierra update if anyone is curious:
Just installed on a 2014 iMac. The update was similar to previous updates but took longer, about 22 minutes in all, mostly with the progress bar sitting at the end of its journey across the screen. There was no restart "bong" though, which surprised me.

When I came back to the machine about 10 minutes later, it was to the "usual" dark sleep screen that Apple has been presenting after recent updates. After logging in, I was back at the desktop. Also, unlike previous updates (with firmware updates?), there was no wait for the desktop to populate its icons, dock, menu bar, etc.

Model Identifier: iMac14,3
Boot ROM version: 133.0.0.0.0.
SMC Version (system): 2.17f7
 


Ric Ford

MacInTouch
Howard Oakley provides a little more information about Apple's latest security update for Mojave than Apple provides:
The Eclectic Light Co. said:
What has changed in the Mojave 10.14.3 Supplemental Update?
The install amounts to 667 MB on disk from a download of nearly 1 GB, and replaces three major apps:
  • FaceTime, of course, which remains at version 5.0 but is now build 3080, and built on 3 February 2019;
  • Messages, which remains at version 12.0 but is now build 5500, also built on 3 February;
  • Safari, which remains at version 12.0.3 and shows build number 14606.4.5, and was built on 5 February.
One Widget is replaced, Web Clip, which was built, like Safari, on 5 February.

Several of the items in /System/Library/CoreServices are also replaced. These include MRT, which has updated dylibs, so has been signed afresh on 5 February, but hasn’t changed its version number. Remote management tools for screensharing and VNC/ARD have also changed. Seven of Apple’s kernel extensions are replaced, and many public and private frameworks.

Plenty of command tools are replaced in /usr/bin and /usr/sbin, and there is a complete new CUPS suite too.

Around 300 MB of the installation package is a complete set of current EFI updaters, although there are no changes to any firmware versions among those.
 


Ric Ford

MacInTouch
Just updated to macOS 10.14.3 today, and the install list in software installations shows the Gatekeeper update to 160, so now it appears that the Gatekeeper update does come with the system update, at least on my 2012 MacBook Pro Retina.
But, wait, there's more... the system update did not install Gatekeeper 160 on my 2015 iMac 5K? It's still on 158. Is this a problem only for newer units?
Apple is getting more mysterious as the years go by - used to be premium service, now more like getting car parts from a junkyard; some work and some don't, but those are the chances.
And Apple just posted a silent Gatekeeper update 162, while skipping 161. Here's what I see in System Report > Software > Installations on my macOS 10.12.6 Sierra System:

Gatekeeper Configuration Data:
Version: 162
Source: Apple
Install Date: 2/7/19, 11:47 PM
Howard Oakley said:
Apple has pushed an update to Gatekeeper’s data – additional to Mojave Supplemental Update
Apple has just pushed an update to the data used by Gatekeeper, bringing its version number to 162, dated 7 February 2019. Note that this isn’t included in the simultaneous Supplemental Update to Mojave 10.14.3, and must be downloaded and installed afterwards. Apple has also skipped version 161, which doesn’t appear to have been released.

Apple provides no details as to what changes this update brings, but it is normally expected to include recent revocations of security certificates used in signing software.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
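The check described in the quoted article above, scripted as an added example that is not part of the original thread: it parses Installations entries in the layout quoted in this post and reports which items are behind an expected version. The sample text is constructed (only the version 162 entry is taken from the post); `system_profiler SPInstallHistoryDataType` is the command-line counterpart of that System Information pane, and its text output is assumed here to use the same `Name:` / `Version:` / `Install Date:` layout.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the Installations entry quoted above.
# Only the version 162 entry comes from the thread; the other dates are made up.
# The last entry carries zero-width spaces, as text pasted from a forum can.
SAMPLE_CURRENT = """\
Gatekeeper Configuration Data:
  Version: 158
  Source: Apple
  Install Date: 12/19/18, 8:05 AM
Safari:
  Version: 12.0.3
  Source: Apple
  Install Date: 1/22/19, 6:30 PM
Gatekeeper Configuration Data:
  Version: 160
  Source: Apple
  Install Date: 1/23/19, 10:15 AM
Gatekeeper Configuration Data:\u200b
  Version: 162\u200b
  Source: Apple\u200b
  Install Date: 2/7/19, 11:47 PM\u200b
"""
SAMPLE_STALE = SAMPLE_CURRENT.split("Safari:")[0]  # a machine still on 158

FIELD = re.compile(r"^(Version|Source|Install Date):\s*(.*)$")


def _clean(line):
    # Drop zero-width spaces and normalise the narrow no-break space that
    # some macOS versions put before AM/PM.
    return line.replace("\u200b", "").replace("\u202f", " ").strip()


def parse_installations(text):
    """Return one dict per install record, in the order they appear."""
    entries, current = [], None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            if current is not None:
                current[m.group(1)] = m.group(2)
        elif line.endswith(":"):
            current = {"Name": line[:-1]}
            entries.append(current)
    return entries


def version_key(version):
    # "12.0.3" -> (12, 0, 3) so that 162 > 160 and 1.38 > 1.35 compare numerically.
    return tuple(int(p) for p in re.findall(r"\d+", version))


def latest_versions(entries):
    """Map each item name to its record with the highest version."""
    latest = {}
    for e in entries:
        v = e.get("Version", "")
        if v and (e["Name"] not in latest
                  or version_key(v) > version_key(latest[e["Name"]]["Version"])):
            latest[e["Name"]] = e
    return latest


def install_date(entry):
    return datetime.strptime(entry["Install Date"], "%m/%d/%y, %I:%M %p")


def lagging(entries, expected):
    """Return {name: (installed, expected)} for items missing or behind."""
    latest = latest_versions(entries)
    behind = {}
    for name, want in expected.items():
        have = latest.get(name, {}).get("Version")
        if have is None or version_key(have) < version_key(want):
            behind[name] = (have, want)
    return behind
```
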
 


Okay, some people have been experiencing trouble finding this security update 2019-001 released January 22. Here is the link to the download:
What's confusing to me is that my 2017 MacBook Air shows that the last update for High Sierra 10.13.6 as Security Update 2019-001 installed Jan 29, with no new updates to install. However, my 2010 MacBook Air running High Sierra 10.13.6 (17G4015) shows that security update needs to be installed -- with a link to Apple security updates, which has two separate entries for macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, one dated January 22, the other dated February 5 (which is what Apple wants to install on the Mac Mini).

That implies to me that either Apple is confused (by having two entries for the same update), that the MacBook Air isn't seeing the second update for an unknown reason, or that I am missing some crucial bit of information. Any ideas?
 


Okay, this is a hard thing for me to say, but Apple disavows any opinion on the update issues experienced here. The February 5 update does go to a 'We're sorry. We cannot find this page' from the Apple update page. What I do know is that the January 22 High Sierra update link I posted works. I got no response from an Apple Support supervisor. He states that all software updates show up in the App Store. When I installed the update on January 24, he thinks this update might not have been posted yet in the App Store. I don't know what to say.

If you are having issues with the Apple update page, call Apple Support and calmly ask what's going on. If the update has shown up in the App Store, I would like to know, especially the February 5 one.
 


I just had a conversation with my hardware guy. I shared with him what happened and learned something that is important to share going forward. All updates will eventually show up in the App Store. Here's the detail: Apple can have the same update but formatted for specific computers, like the MacBook Air or iPad. So Apple is rolling it out over time, and the only safe way to install any update is when it appears in the App Store. That I installed the update without harm is either lucky or who knows. But if this rollout is Apple's way of setting up the update to install successfully on your computer; we should no longer rely on updates, even if they are on Apple's site. This could explain why there are multiple options on different days for the same update.
 


Seems like Apple newspeak, not very helpful for most users (who don't even know about blogs like this). There's gotta be a better way.
 


I just had a conversation with my hardware guy. I shared with him what happened and learned something that is important to share going forward. All updates will eventually show up in the App Store. Here's the detail: Apple can have the same update but formatted for specific computers, like the MacBook Air or iPad. So Apple is rolling it out over time, and the only safe way to install any update is when it appears in the App Store. That I installed the update without harm is either lucky or who knows. But if this rollout is Apple's way of setting up the update to install successfully on your computer; we should no longer rely on updates, even if they are on Apple's site. This could explain why there are multiple options on different days for the same update.
Thanks. It kind of makes sense, and I wonder if they also are trying to roll out the updates so all X million people on Autoupdate don't start downloading at the same time. But like many users I've taken to waiting a while to see whether a new update breaks anything important, and the more complex the process, the more wary I get.
 


the only safe way to install any update is when it appears in the App Store. That I installed the update without harm is either lucky or who knows. But if this rollout is Apple's way of setting up the update to install successfully on your computer; we should no longer rely on updates, even if they are on Apple's site. This could explain why there are multiple options on different days for the same update.
Seems like Apple newspeak, not very helpful for most users (who don't even know about blogs like this). There's gotta be a better way.
In my opinion, that is the better way. I think I can pretty much guarantee that tens of millions of iDevice and Mac users are not scouring Apple's web site for download packages; the packages show up in their Updates queue for their device, and then they ignore them.

Any update of this magnitude has to be managed from a distribution/download speed perspective. And, to be honest, I'd rather Apple take a little more time to clean up and optimize updates so I don't have to keep installing new dot-dot updates every few days.
 



I'm not quite sure what you mean here. If you're talking about the server side, I believe Apple uses Akamai for distribution.
Keep in mind that Apple essentially sends a device-specific update each time (either signing it for the device, or something similar - that's the "requesting update" part you'll see), which means they won't necessarily be cached by a CDN. If all devices everywhere were to request their updates the second Apple released it, it would likely bring down the servers that produce the device-specifically-signed-whatever update, so incremental rollout of the update is probably the best way to avoid melting that spaceship.
 


Ric Ford

MacInTouch
Strangely, Mac App Store is showing the Safari 12.1 update on my macOS 10.12.6 system, but it is not showing the (797MB) Security Update 2019-002, for unknown reasons.
 




Ric Ford

MacInTouch
LockRattler, however, sees Security Update 2019-002 normally. I don't understand why the App Store can't find it. Anyone else in this bizarre boat may want this download link:
I downloaded and installed the update, which "wil take 4.29 GB of space on your computer", and it did at least two restarts (maybe three).

After all that, the update showed as available for a moment in the App Store, then disappeared, but perversely does not show up as being installed.

What a (bad) joke.

Fortunately, LockRattler sanely shows the update completed.

There were no firmware changes from installing Security Update 2019-001 (Sierra) and Safari 12.0.3 today on a 2015 MacBook Pro:
Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
After today's Security Update 2019-002 installation, the firmware in this 2015 MacBook Pro had been updated:
Model Identifier: MacBookPro11,4
Boot ROM Version: 189.0.0.0.0
SMC Version (system): 2.29f24
 


I downloaded and installed the update, which "wil take 4.29 GB of space on your computer", and it did at least two restarts (maybe three).
After all that, the update showed as available for a moment in the App Store, then disappeared, but perversely does not show up as being installed.
What a (bad) joke.

Fortunately, LockRattler sanely shows the update completed.

After today's Security Update 2019-002 installation, the firmware in this 2015 MacBook Pro had been updated:
Model Identifier: MacBookPro11,4
Boot ROM Version: 189.0.0.0.0
SMC Version (system): 2.29f24
Ric, I was able to download SecUpd2019-002Sierra from the Apple Support site, and it was 835.7MB. Had to type "Security" into the Search window to get the update to show up.
Security Update 2019-002 10.12.6 also showed up in the App Store. Have not yet applied it - waiting for others to comment. Safari 12.1 also showed up in my App Store listings.
 


Ric Ford

MacInTouch
I was able to download SecUpd2019-002Sierra from the Apple Support site, and it was 835.7MB. Had to type "Security" into the Search window to get the update to show up.
Security Update 2019-002 10.12.6 also showed up in the App Store. Have not yet applied it - waiting for others to comment.
I did multiple backups, removed the backup drives, then installed the update. So far, so good.
 


I am hoping there is nothing seriously wrong with these Security Updates, but there sure is with Apple's processes.

Like you have found, the App Store does not show the Safari Update or the Security Updates as having been installed - but the little red light has gone out, at least.

And the Apple Support Downloads page is a real mess. The High Sierra Update is not on the page when it opens - you have to do a 'search' for it - and the page for it shows it was posted Dec. 8, 2018 - until a little while ago - now they've finally corrected it to March 25, 2019.

This is just... sad.
 


Is anybody seeing problems with the security update like those in the Mojave upgrade, which is said to be causing problems with Gmail?
 


Ric, I was able to download SecUpd2019-002Sierra from the Apple Support site, and it was 835.7MB. Had to type "Security" into the Search window to get the update to show up.
Have not yet applied it - waiting for others to comment.
Me, too. I have not stayed current with the security updates. How do they work together? Is it okay to apply this update without first applying the previous 1, 2, or 3 ones first? Will SecUpd2019-002Sierra be all I need?
 


Yesterday, I tried to install the High Sierra Security Update 2019-002 on my 2012 Mac Pro. I used the standalone installer. After launching the installer and authorizing it, I clicked to restart and complete the installation. The screen went black except for the arrow cursor and nothing happened. After four hours, I pressed the power button to do a hard reset. I've never had problems prior to this doing any updates, even those that contained EFI ROM (firmware) updates.

For comparison, I did the same procedure on my 2011 17" MacBook Pro. Its screen went black briefly (with the same cursor), then a whitish screen appeared and the installation began. It went through a few restarts for the security update and firmware update and finished everything just fine.

When I tried to power on my Mac Pro, a whitish screen appeared after the normal startup chime, so I guess memory and other HW checks were okay. A bunch of white text in a black background then appeared on the whitish display, in a way that happens (I believe) when starting up in verbose mode. The Mac then sat in that state for up to 3 hours without any further progress. I did two a few attempts at resetting the NVRAM ("PRAM") and unplugged the Mac to reset the SMC, both to no avail. Here is the text that displays on every attempt to boot the Mac:
[0 0 ] start port.
[0 0 ] start port hard reset (probe 1).
[0 1 ] start port.
[0 1 ] start port hard reset (probe 1).
[0 2 ] start port.
[0 2 ] start port hard reset (probe 1).
[0 3 ] start port.
[0 3 ] start port hard reset (probe 1).
[0 0 ] failed to hard reset.
[0 0 ] failed to perform port hard reset.
[0 1 ] failed to hard reset.
[0 1 ] failed to perform port hard reset.
[0 2 ] failed to hard reset.
[0 2 ] failed to perform port hard reset.
[0 3 ] failed to hard reset.
[0 3 ] failed to perform port hard reset.
I do have an EFI flashed NVIDIA Titan X display card installed. I've never had problems with OS or firmware updates before with the card installed.

I couldn't find any info in a few web searches about the text displayed on my Mac's screen. I did find a nice article by Howard Oakley on his Eclectic Light website (eclecticlight.co) about EFI boot issues, startup chimes, etc.:

From the article, I found info on Apple's website and downloaded a "Firmware Restoration CD 1.9" disk image and burned it to a CD. However, I couldn't get the CD tray to eject on system boot, whether I used keyboard shortcuts or held a mouse button depressed. I'm not even sure if the CD/DVD drive is "active" at the point I reached when trying to boot my Mac Pro.

Right now, I'm a bit at a loss to know how best to proceed. If anyone knows about the screen text I listed above and what it means, that info may be very useful. I may try putting in an old, GT8800 Apple-supported display card to see if the EFI-flashed Titan X card is causing the Mac Pro to balk... and then try booting the Mac Pro (with the older GPU), doing the updates, then re-install the Titan X card...

I was wondering if anyone might have seen this behavior or has some advice for how to proceed... I would appreciate any thoughts or suggestions.

Thanks!

P.S. Just a wild thought, but since the screen text I listed above seems to be info about a set of 4 things, it may suggest that those messages are related to the PCIe slots...?

P.P.S. Sorry, but I forgot to mention that I did try booting into recovery mode, verbose mode, single-user mode, etc., without any success...
 


Maybe someone at Apple has read some of these comments - lo and behold - they moved the 2019-002 High Sierra update to the Apple Support Download page - finally. It's only a few days late, right? <rolling eyes>
 

