Google Keystone Update Damages File System on SIP-Disabled Macs

Originally published at:

An update to Google’s automatic update software contained a bug that would damage key system files on Macs that weren’t safeguarded by Apple’s System Integrity Protection. Happily, it’s easy to recover with a set of Terminal commands run from macOS Recovery.

For me, the real story was how people banded together to track down the source of the problem, most notably all the discussion and discovery in the MacAdmins Slack (as mentioned), even creating a dedicated channel for the topic (#varsectomy). Avid took this seriously and got involved in the channel. Ryan of the “Mr. Macintosh” blog started on-the-fly documentation and Rich’s post is the great How-To summary that people have come to rely upon. I’m very proud of the worldwide Mac Admins community, but especially on a day like the 24th.

Absolutely! I watched it in the MacAdmins Slack for a little while yesterday, but I had come in a bit too late and the conversation was moving too quickly, so I had trouble figuring out what was going on in real time.

One question for now. Is it possible to tell if my one old computer running 10.10 has been affected without rebooting it?

(There is one Toast app that does not work on Sierra yet. That has stopped me from upgrading.)

You could probably see if /var is still present. If so, you’re probably fine. The recovery isn’t terrible, so I’d just print out or make sure you can access the steps on another device before rebooting, to be safe.

I don’t have Google Chrome installed; are there any other Google applications that might cause problems?

All Google applications installed for All Users should cause this same issue as they all use the Google Keystone auto-updater in the same manner.

But if your Mac is still working, I very much doubt you could be affected. Google pulled the update quickly after the problem was revealed.

Thanks for the info, Adam. I backed up my user folder, printed the info, rebooted, and it worked. There was no damage, but better safe than sorry. Thanks again.