
Apple's Mac Security Updates

Today, 3/29, I am told I need to again do Security Update 2019-002 10.12.6, which I did three days ago (on 3/26), but this time in App Store without the accompanying Safari 12.0 to 12.1 update (MacBook Pro 2016).

With head shake and eye roll, I ran the new updater, which seemed to take slightly longer, and had an odd pause then screen-go-black, then resume, toward the end of the "progress" bar.

When the login screen reappeared, there was a blank, generic blue background. After login, my regular desktop picture appeared, and things seem same as always.

Another update mystery. Maybe a firmware thing they forgot about the other day?
 


Ric Ford

MacInTouch
Today, 3/29, I am told I need to again do Security Update 2019-002 10.12.6, which I did three days ago (on 3/26)...
It is disturbing when Apple's security updates act in such bizarre, illogical ways. Repeatedly. I am seeing the same thing on my own macOS Sierra system, which also wants to install Security Update 2019-002 10.12.6, even though I, too, installed it previously, encountering problems then, too, with Apple's update behavior.

As noted earlier, that Security Update 2019-002 10.12.6 modified firmware, changing it from version 187 to 189. It will be interesting to see if this new repeated update changes the firmware yet again.

I'm not even thinking of trying this before I do another full set of backups.
 


Ric Ford

MacInTouch
... Security Update 2019-002 10.12.6 modified firmware...
OK, and an Apple AI (Artificial Idiocy) feat of iOS on the iPhone is changing plain black text on this webpage, "2019-002 10.12.6" (Apple's own product version number), into a clickable blue link that it presents to you as a telephone number. Is Apple kidding us? Can its software get any stupider/more perverse?

[Update: I have now added a workaround to stop this idiotic iOS behavior, thanks to a tip from Simon.]
 




Ric Ford

MacInTouch
There were no firmware changes from installing Security Update 2019-001 (Sierra) and Safari 12.0.3 today on a 2015 MacBook Pro:
Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
After today's Security Update 2019-002 installation, the firmware in this 2015 MacBook Pro had been updated:
Model Identifier: MacBookPro11,4
Boot ROM Version: 189.0.0.0.0
SMC Version (system): 2.29f24
And, now, after the second Security Update 2019-002 update, the firmware remains unchanged vs. the first Security Update 2019-002:
Model Identifier: MacBookPro11,4
Boot ROM Version: 189.0.0.0.0
SMC Version (system): 2.29f24
 



OK, and an Apple AI (Artificial Idiocy) feat of iOS on the iPhone is changing plain black text on this webpage, "2019-002 10.12.6" (Apple's own product version number), into a clickable blue link that it presents to you as a telephone number....
[See:]
Stack Overflow said:
In short, add to web pages:
HTML:
<meta name="format-detection" content="telephone=no">
It has always bugged me that iOS Safari has its own set of what are essentially weird non-standard commands that one embeds in HTML meta markup.
 


Ric Ford

MacInTouch
In short, add to web pages:
HTML:
<meta name="format-detection" content="telephone=no">
It has always bugged me that iOS Safari has its own set of what are essentially weird non-standard commands that one embeds in HTML meta markup.
I really appreciate your tip here, but I can't tell you how much I detest the idea of every website in the world being forced to custom-configure their HTML to work around dysfunctional Apple software on a billion iPhones/iPads. (Isn't Microsoft doing the exact opposite now, after formerly forcing websites into ugly hacks to accommodate Internet Explorer?)
 


Ric Ford

MacInTouch
<meta name="format-detection" content="telephone=no">
Looks like that should have a closing slash added:
HTML:
<meta name="format-detection" content="telephone=no" />
I've now added that override here, and it seems to be working to stop the idiotic iOS behavior. Thanks again for your help!
 



I'll follow up on my previous post in a bit (it's a long-ish explanation), but it turns out that I finally updated my Mac Pro 5,1 successfully last night with the second iteration of the High Sierra Security Update 2019-002 (10.13.6). I used the command line to do the update.

The first iteration of the update yields a system build of 17G6029. The second iteration resulted in 17G6030, which is what I have now.

Looking in the App Store, it shows that I've installed 2019-002 twice (there are two listings).
 


Ric Ford

MacInTouch
I'll follow up on my previous post in a bit (it's a long-ish explanation), but it turns out that I finally updated my Mac Pro 5,1 successfully last night with the second iteration of the High Sierra Security Update 2019-002 (10.13.6). I used the command line to do the update.
The first iteration of the update yields a system build of 17G6029. The second iteration resulted in 17G6030, which is what I have now.
Looking in the App Store, it shows that I've installed 2019-002 twice (there are two listings).
Interesting... I didn't think to check the system build number before updating a second time to Security Update 2019-002 10.12.6, but what I see now is:

System Version: macOS 10.12.6 (16G1918)

And, on my system, App Store shows Security Update 2019-002 only once, but SysHist shows it twice. Interestingly, the first SysHist listing (dated 2019-03-26) shows a blank version number, while the second listing (dated 2019-03-30) shows "10.12.6" as its version number.

Here's what I subsequently found in /Library/Receipts/InstallHistory.plist:
<dict>
<key>contentType</key>
<string>critical-update</string>
<key>date</key>
<date>2019-03-26T15:32:40Z</date>
<key>displayName</key>
<string>Security Update 2019-002</string>
<key>displayVersion</key>
<string></string>
<key>packageIdentifiers</key>
<array>
<string>com.apple.pkg.update.os.SecUpd2019-002Sierra.16G1917</string>
<string>com.apple.pkg.FirmwareUpdate</string>
<string>com.apple.pkg.EmbeddedOSFirmware</string>
<string>com.apple.update.fullbundleupdate.16G1917</string>
</array>
<key>processName</key>
<string>softwareupdated</string>
</dict>
...
<dict>
<key>contentType</key>
<string>critical-update</string>
<key>date</key>
<date>2019-03-30T02:40:02Z</date>
<key>displayName</key>
<string>Security Update 2019-002</string>
<key>displayVersion</key>
<string>10.12.6</string>
<key>packageIdentifiers</key>
<array>
<string>com.apple.pkg.update.os.SecUpd2019-002Sierra.16G1918</string>
<string>com.apple.pkg.FirmwareUpdate</string>
<string>com.apple.update.fullbundleupdate.16G1918</string>
<string>com.apple.pkg.EmbeddedOSFirmware</string>
</array>
<key>processName</key>
<string>softwareupdated</string>
</dict>
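
The InstallHistory.plist comparison described in the post above, as an added example that is not part of the original post: it finds updates recorded more than once under the same display name and pulls the build string out of the package identifiers so the installs can be told apart. The sample is constructed from the two entries quoted above; the function names are this example's own, and the expected build 16G1918 is the one given in Apple's notice quoted in this thread.

```python
import plistlib
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the post (contentType and
# processName omitted), wrapped in the top-level <array> the real file uses.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict>
  <key>date</key><date>2019-03-26T15:32:40Z</date>
  <key>displayName</key><string>Security Update 2019-002</string>
  <key>displayVersion</key><string></string>
  <key>packageIdentifiers</key><array>
    <string>com.apple.pkg.update.os.SecUpd2019-002Sierra.16G1917</string>
    <string>com.apple.pkg.FirmwareUpdate</string>
    <string>com.apple.pkg.EmbeddedOSFirmware</string>
    <string>com.apple.update.fullbundleupdate.16G1917</string>
  </array>
</dict>
<dict>
  <key>date</key><date>2019-03-30T02:40:02Z</date>
  <key>displayName</key><string>Security Update 2019-002</string>
  <key>displayVersion</key><string>10.12.6</string>
  <key>packageIdentifiers</key><array>
    <string>com.apple.pkg.update.os.SecUpd2019-002Sierra.16G1918</string>
    <string>com.apple.pkg.FirmwareUpdate</string>
    <string>com.apple.update.fullbundleupdate.16G1918</string>
    <string>com.apple.pkg.EmbeddedOSFirmware</string>
  </array>
</dict>
</array></plist>"""

# A macOS build string (e.g. 16G1918) as the last dotted part of a package id.
BUILD_RE = re.compile(r"\.(\d{2}[A-Z]\d+[a-z]?)$")


def summarize(entry):
    """Reduce one history entry to the fields needed to compare installs."""
    pkgs = entry.get("packageIdentifiers", [])
    builds = sorted({m.group(1) for p in pkgs if (m := BUILD_RE.search(p))})
    return {
        "date": entry["date"],
        "version": entry.get("displayVersion", ""),
        "builds": builds,
        # True when the entry also carried a firmware package.
        "firmware": any("Firmware" in p for p in pkgs),
    }


def repeated_updates(history):
    """Return {displayName: [summaries, oldest first]} for names seen twice or more."""
    by_name = defaultdict(list)
    for entry in history:
        by_name[entry.get("displayName", "")].append(summarize(entry))
    return {name: sorted(rows, key=lambda r: r["date"])
            for name, rows in by_name.items() if len(rows) > 1}


def needs_reinstall(history, name, expected_build):
    """True if the newest install of `name` does not carry `expected_build`."""
    rows = sorted((summarize(e) for e in history if e.get("displayName") == name),
                  key=lambda r: r["date"])
    return not rows or expected_build not in rows[-1]["builds"]


if __name__ == "__main__":
    # On a Mac, load /Library/Receipts/InstallHistory.plist with plistlib.load().
    history = plistlib.loads(SAMPLE)
    for name, rows in repeated_updates(history).items():
        for r in rows:
            print(name, r["date"].isoformat(), repr(r["version"]),
                  r["builds"], "firmware" if r["firmware"] else "")
    print("reinstall needed:",
          needs_reinstall(history, "Security Update 2019-002", "16G1918"))
```
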
 


Interesting... I didn't think to check the system build number before updating a second time to Security Update 2019-002 10.12.6, but what I see now is:
System Version: macOS 10.12.6 (16G1918)
I installed Security Update 2019-002 10.12.6 on my Mac Pro a few days ago. Currently it shows
  • System Version: macOS 10.12.6 (16G1917)
Checking software updates, it shows Security Update 2019-002 10.12.6 is available. Again.

Also, this Apple Support page says...
  • The latest build number for macOS version 10.12 Sierra is 16G1918.
A quick check of file sizes shows the original (835.7 MB) and revised (836.4 MB) differ in size.

So, two Security Updates with the same number... but not the same?
 


I really appreciate your tip here, but I can't tell you how much I detest the idea of every website in the world being forced to custom-configure their HTML to work around dysfunctional Apple software on a billion iPhones/iPads.
To be fair, if the feature worked as intended - turning only phone numbers, and not any arbitrary sequence of digits, into clickable links, it would be useful and maybe even desirable.

But in Apple's attempt (I assume) to recognize a huge array of malformed phone numbers (no separators, parentheses and hyphens in the wrong place, etc.), the result ends up less than useful.
 


Ric Ford

MacInTouch
But in Apple's attempt (I assume) to recognize a huge array of malformed phone numbers (no separators, parentheses and hyphens in the wrong place, etc.), the result ends up less than useful.
I'm having difficulty understanding how someone responsible for the product at Apple decided that dysfunctional interference was fine for Apple customers, as opposed to presenting web pages the way they were intended to be presented by the people creating and serving those pages.*

What's even more disturbing to me is that this is just a tiny example of the overall strategy of Apple (like Facebook and others) to mediate and manage your electronic interaction with the rest of the world using A.I. What could possibly go wrong?

(*There's a related issue where companies like AT&T and Verizon inject tracking codes into web pages between the server and the client as we first discovered here in 2014, prior to implementing HTTPS for macintouch.com.)
 


On a 2012 MacBook Pro, firmware was updated. On my Mac Pro, firmware was not updated. Both are running Sierra 10.12.6.
2012 MacBook Pro firmware: 222.0.0.0 to 224.0.0.0
2011 MacBook Pro firmware: 82.0.0.0 to 83.0.0
2010 MacPro unchanged: MP51.0089.B00

The 2012 MacBook Pro and 2010 MacPro had both Security Updates installed. The 2011 MacBook Pro only had one update as I used the revised (file size: 836.4 MB) version and ignored the first (file size: 835.7 MB) version.

In all three cases, I did not use Software Update but downloaded the file directly from Apple.
 


2012 MacBook Pro firmware: 222.0.0.0 to 224.0.0.0
2011 MacBook Pro firmware: 82.0.0.0 to 83.0.0
2010 MacPro unchanged: MP51.0089.B00

The 2012 MacBook Pro and 2010 MacPro had both Security Updates installed. The 2011 MacBook Pro only had one update as I used the revised (file size: 836.4 MB) version and ignored the first (file size: 835.7 MB) version.

In all three cases, I did not use Software Update but downloaded the file directly from Apple.
FYI, from what I've gathered, Mac Pro 5,1 models don't get firmware updates via the Security Updates like MacBook Pros (or all laptops?) do.

Doing the latest High Sierra Security Update, my 2011 17" MacBook Pro firmware updated to 83.0.0.0.0 from 82.0.0.0.0, as David mentions.
 


Yesterday, I tried to install the High Sierra Security Update 2019-002 on my 2012 Mac Pro. I used the standalone installer. After launching the installer and authorizing it, I clicked to restart and complete the installation. The screen went black except for the arrow cursor and nothing happened. After four hours, I pressed the power button to do a hard reset. I've never had problems prior to this doing any updates, even those that contained EFI ROM (firmware) updates. For comparison, I did the same procedure on my 2011 17" MacBook Pro. Its screen went black briefly (with the same cursor), then a whitish screen appeared and the installation began. It went through a few restarts for the security update and firmware update and finished everything just fine.

When I tried to power on my Mac Pro, a whitish screen appeared after the normal startup chime, so I guess memory and other HW checks were okay. A bunch of white text in a black background then appeared on the whitish display, in a way that happens (I believe) when starting up in verbose mode. The Mac then sat in that state for up to 3 hours without any further progress. I did two a few attempts at resetting the NVRAM ("PRAM") and unplugged the Mac to reset the SMC, both to no avail. Here is the text that displays on every attempt to boot the Mac:

I do have an EFI flashed NVIDIA Titan X display card installed. I've never had problems with OS or firmware updates before with the card installed.

I couldn't find any info in a few web searches about the text displayed on my Mac's screen. I did find a nice article by Howard Oakley on his Eclectic Light website (eclecticlight.co) about EFI boot issues, startup chimes, etc.:

From the article, I found info on Apple's website and downloaded a "Firmware Restoration CD 1.9" disk image and burned it to a CD. However, I couldn't get the CD tray to eject on system boot, whether I used keyboard shortcuts or held a mouse button depressed. I'm not even sure if the CD/DVD drive is "active" at the point I reached when trying to boot my Mac Pro.

Right now, I'm a bit at a loss to know how best to proceed. If anyone knows about the screen text I listed above and what it means, that info may be very useful. I may try putting in an old, GT8800 Apple-supported display card to see if the EFI-flashed Titan X card is causing the Mac Pro to balk... and then try booting the Mac Pro (with the older GPU), doing the updates, then re-install the Titan X card...

I was wondering if anyone might have seen this behavior or has some advice for how to proceed... I would appreciate any thoughts or suggestions.

Thanks!

P.S. Just a wild thought, but since the screen text I listed above seems to be info about a set of 4 things, it may suggest that those messages are related to the PCIe slots...?

P.P.S. Sorry, but I forgot to mention that I did try booting into recovery mode, verbose mode, single-user mode, etc., without any success...
Okay, I have finished my latest Apple macOS and hardware hootenanny.
;-)

I was able to get my Mac Pro 5,1 updated to the latest (2nd iteration) Security Update for High Sierra (2019-002).

I first encountered issues while trying to apply the first iteration of the update. It turns out that I was having problems with my Mac Pro restarting to perform the security update itself. After performing a hard reset, my Mac Pro wouldn't properly power up (as noted in my original post quoted above). What follows is an explanation, of sorts, of what I discovered and did to resurrect my system.
  • I wasn't able to get my system to start up properly, even after resetting the SMC and NVRAM/PRAM. Trying to boot into Safe Mode didn't help.
  • I was advised in a Mac Pro 5,1 BootROM discussion on macrumors.com that my issue was likely some sort of APFS corruption or driver issue that was causing my Mac Pro not to boot (and not a firmware issue). The text messages printed on my screen at startup seemed to be related to my eSATA card. I was told to perform a full High Sierra OS install from a thumb (or external) drive after removing all my PCIe cards and internal drives, except for the GPU (and disconnecting devices besides a keyboard and pointing device).
  • I downloaded a full High Sierra installer from the App Store as a next step, only to find that I got a lite version, weighing in at around 12 MB (this type of installer downloads the remaining payload during installation). So, I used a script, installinstallmacos.py, to download the full ~5 GB installer. I used createinstallmedia to move the installer to my external SSD USB device.
  • My Mac Pro successfully booted from the external device and I checked my internal boot SSD with Disk Utility. I then installed the full High Sierra OS on to my internal SSD. Part of the process included updating the Mac Pro's firmware from MP51.0085.B00 to MP51.0089.B00.
  • According to sources on macrumors.com, Mac Pro 5,1 models need "current" firmware to eventually upgrade to Mojave (and the upgrade must be done from a 10.13.6 installed system). Since firmware updates for Mac Pro 5,1 models are included in full OS installers only, one would need to run a current full High Sierra to get the latest firmware update. It's a bit confusing, as one can also run the full Mojave installer just to do a firmware update on a Mac Pro (and not install Mojave), which adds some new features to Mac Pros running High Sierra. Thank you, Apple, for this confusing mess.
  • With the fresh OS install and updated firmware, my Mac started up fine on its internal SSD. However, it still seemed to lock up when I tried to reboot or shut down the machine. I logged in remotely via SSH and was able to reboot or shut down the computer with the corresponding command-line tools.
  • After a few test cycles, I tried to restart again, remotely connected and looked at the output from the "top" command. It showed more than twenty mdworker processes.
  • I subsequently used Onyx to clean up cache files, etc., and to reset Spotlight indexing. This didn't help with the restart/shutdown issue.
  • I then followed the steps up to and including "Open a Terminal session..." from this webpage: Mac Will Not Shut Down, How-To Fix.
  • I also followed a tip to add my startup SSD to the list in the Privacy tab of the Spotlight System Preference. After this and the previous two steps, everything started working (restarts/shutdowns from the Finder).
  • I then ran the 2nd iteration of the 2019-002 security update, along with other updates for drivers, etc. I reinstalled my PCIe cards, removed my startup SSD from the Spotlight Privacy list, and everything was still fine, except that my NVIDIA driver wouldn't update to the latest posted driver (WebDriver-387.10.10.10.40.123). I did discover that an older driver (WebDriver-387.10.10.10.40.108) does work for now. The "108" driver seems to be a canonical driver that works for any released, non-beta version of High Sierra.
  • With the "108" NVIDIA driver now installed, my Mac Pro is fully updated - OS, security updates, and firmware.
I don't know why resetting Spotlight via the command line, or via Onyx, didn't seem to fix my restart/shutdown issues, where using the Privacy tab trick did. Of course, my issue may have been connected to something else.
 


Note the following from Howard Oakley's Eclectic Light Company blog:

The initial releases of macOS Sierra and High Sierra Security Updates 2019-002 on Monday 25 March were not complete. Apple has now released updates to both of these: if you applied either security update before 29 March, you should install this revised update when you can.

Also, as others have noted, he maintains a fairly complete list of current firmware versions, as well.
 


Ric Ford

MacInTouch
I just happened to see this new Apple notice when I was looking for the original - their similar names and presentations make the distinction subtle and confusing:
Apple said:
About the security content of Security Update 2019-002 High Sierra and Security Update 2019-002 Sierra
...
Security Update 2019-002 for macOS High Sierra and macOS Sierra has been updated.
If your Mac is running macOS High Sierra or macOS Sierra, please update your Mac to use the latest build number for your version of macOS:
  • The latest build number for macOS version 10.13 High Sierra is 17G6030.
  • The latest build number for macOS version 10.12 Sierra is 16G1918.
These builds restore a number of security fixes that were missing from the previous build.
Here's the original version, which is still there but doesn't mention the fact that it was defective or that there is a newer version with the same name....
Apple said:
 


Ric Ford

MacInTouch
I have not stayed current with the security updates. How do they work together? Is it okay to apply this update without first applying the previous 1, 2, or 3 ones first? Will SecUpd2019-002Sierra be all I need?
Presumably, Apple will take care of all that for you via the App Store (or whatever mechanism they happen to be using today). I searched for something definitive from Apple but couldn't find anything.

Here's the same question in Apple's support area, but it's an old topic:
Apple Communities said:
Here's a 2017 MacInTouch post that may be what you're remembering:
sdagley said:
App Stores, software/firmware updates etc.
(2017-05-18 at 15:42)BigFootMN wrote: I have a simple (I hope) question. I know the OS Combo updates include all changes to that version to that point. But do the Security Updates include previous updates in the same sequence? For example, would Security Update 2017-002 for Sierra include the same updates in 2017-001? Or do I need to download both if I missed the first one?
The Security Updates are cumulative, so you don't need to install 2017-001 before 2017-002 (when 2017-002 came out, the 2017-001 update was flagged as deprecated in Apple's Software Update Service)
 


Presumably, Apple will take care of all that for you via the App Store (or whatever mechanism they happen to be using today). I searched for something definitive from Apple but couldn't find anything. ... Here's a 2017 MacInTouch post that may be what you're remembering...
Okay, very helpful! Here's what I will do...

I will wait a few more days, as I don't trust that Apple even got this second version right. If I don't see any news here that there is a newer "SecUpd2019-002Sierra", I will install this second version (which I downloaded directly from Apple) and only it. Once completed, I can check the App Store to see if anything else shows up.

In theory, either the Sierra OS won't let me install this update without first installing the previous updates or I will see something else in the App Store after installing. Once I get this done, I will report back here.
 


Ric Ford

MacInTouch
If I don't see any news here that there is a newer "SecUpd2019-002Sierra", I will install this second version (which I downloaded directly from Apple) and only it. Once completed, I can check the App Store to see if anything else shows up.
Do us, and yourself, a favor and make a good backup clone before you try it!
 


Do us, and yourself, a favor and make a good backup clone before you try it!
Excellent point, but I'm a CCC (Carbon Copy Cloner) guy from way back. I keep two local cloned copies of my main computer's SSD and an additional one off-site at a buddy's house.

Anytime that I plan to install something big, I do a backup immediately beforehand in case something goes wrong. Anytime I do important time-consuming work that I can't afford to lose (i.e. hours of Logic X or FCP X projects), I then back up immediately. I, like many people here, have learned my lesson the hard way. Never again!
 


I just happened to see this new Apple notice when I was looking for the original - their similar names and presentations make the distinction subtle and confusing...
This is completely unacceptable - why not add a "supplemental" or some such to the revised updates? How did they get issued if they were "incomplete"? Is quality control at Apple non-existent? Or did they find another 'bug' they felt should be fixed and re-issued them?

I just got the App Store update notifications - this is making Apple look incompetent. I would get fired - you all would get fired - if we were pulling this in our professional lives!
 


… this is making Apple look incompetent. I would get fired - you all would get fired - if we were pulling this in our professional lives!
For all we know, someone at Apple did get fired, but I doubt secretive Apple would say so. Whether one should fire Apple as one’s software supplier is left as an exercise for the reader.
 



Note the following from Howard Oakley's Eclectic Light Company blog:

The initial releases of macOS Sierra and High Sierra Security Updates 2019-002 on Monday 25 March were not complete. Apple has now released updates to both of these: if you applied either security update before 29 March, you should install this revised update when you can.

Also, as others have noted, he maintains a fairly complete list of current firmware versions, as well.
I received the notice for the "supplemental" update this morning from Apple. Actually, what it said was "Some updates could not be installed... "

I assume this was the update to the recent Security Update 2019-002.
 


I received the notice for the "supplemental" update this morning from Apple. Actually, what it said was "Some updates could not be installed... "
I assume this was the update to the recent Security Update 2019-002.
On very brief perusal of the firmware page referred to above, I notice that MacBookPro11,5 is not listed.
 

