Google Keystone Update Damages File System on SIP-Disabled Macs

ace · September 25, 2019, 3:39pm

Originally published at: https://tidbits.com/2019/09/25/google-keystone-update-damages-file-system-on-sip-disabled-macs/

An update to Google’s automatic update software contained a bug that would damage key system files on Macs that weren’t safeguarded by Apple’s System Integrity Protection. Happily, it’s easy to recover with a set of Terminal commands run from macOS Recovery.

areimer · September 25, 2019, 6:00pm

For me, the real story was how people banded together to track down the source of the problem, most notably all the discussion and discovery in the MacAdmins Slack (as mentioned), even creating a dedicated channel for the topic (#varsectomy). Avid took this seriously and got involved in the channel. Ryan of the “Mr. Macintosh” blog started on-the-fly documentation and Rich’s post is the great How-To summary that people have come to rely upon. I’m very proud of the worldwide Mac Admins community, but especially on a day like the 24th.

ace · September 25, 2019, 6:42pm

Absolutely! I watched it in the MacAdmins Slack for a little while yesterday, but I had come in a bit too late and the conversation was moving too quickly, so I had trouble figuring out what was going on in real time.

scifionea · September 26, 2019, 4:11pm

One question for now. Is it possible to tell if my one old computer running 10.10 has been affected without rebooting it?

(There is one Toast app that does not work on Sierra yet. That has stopped me from upgrading.)

ace · September 26, 2019, 4:19pm

You could probably see if /var is still present. If so, you’re probably fine. The recovery isn’t terrible, so I’d just print out or make sure you can access the steps on another device before rebooting, to be safe.

romad · October 1, 2019, 3:22am

I don’t have Google Chrome installed; are there any other Google applications that might cause problems?

alvarnell · October 1, 2019, 5:33am

All Google applications installed for All Users should cause this same issue as they all use the Google Keystone auto-updater in the same manner.

ace · October 1, 2019, 3:14pm

But if your Mac is still working, I very much doubt you could be affected. Google pulled the update quickly after the problem was revealed.

scifionea · October 3, 2019, 4:51pm

Thanks for the info Adam. I backed up my user folder, printed the info, rebooted, and it worked. There was no damage but better safe than sorry. Thanks again.