Security Update 2019-001 (Mojave) and 2019-006 (High Sierra)

Originally published at: https://tidbits.com/watchlist/security-update-2019-001-mojave-and-2019-006-high-sierra/

Patches security vulnerabilities in Apple’s last two operating systems. (Free, various sizes)

When I go to Software Update I am first presented with macOS 10.15 that I do NOT want at this time

How do I just install the Non-Catalina updates?

When you open System Preferences->Software Updates, you will see the Catalina notification with an ‘Upgrade Now’ button next to it. DO NOT tap that button. Underneath the Catalina notification, you may see the text ‘Another update is available’ with the clickable text ‘More info…’ below it. Click that text. A dropdown box listing the available updates will appear with an explanation for the highlighted one. Click through the list to see the update details and then use the checkboxes to select the ones you want. If you have selected any, click the Install Now button to install them. This will install only the selected updates, not Catalina.

Thanks. I was afraid that Apple would install Catalina without my approval

Jerry

I saw that on one of my Macs (but not two others), and my father saw the same thing on his. A reboot was all it took to make Security Update 2019-001 appear — in fact, when the non-Catalina updates are visible, the Catalina offer is not.

There’s some discussion of the Mojave security update essentially bricking machines with a T1 or T2 chip. It’s not clear how widespread it is yet, or if it affects machines that aren’t managed by Jamf or similar MDM software, but if you have a T1- or T2-equipped Mac running Mojave, I’d recommend holding off on this security update until more is known.

https://www.jamf.com/jamf-nation/discussions/33844/security-update-2019-001-mojave

Typing this reply on a 2018 MacBookPro with the Security Update—no problems here.

One of my users interrupted the Security Update 2019-006 for High Sierra and it seems to have wiped the Secure Enclave, throwing away the private keys. Now in Recovery Mode I can see the APFS Macintosh HD volume but it says File Vault: No (Encrypted at Rest), and neither of two users with secureTokens can unlock the disk, and our escrowed FileVault2 Recovery Key doesn’t work either. Not alone; many others have bricked Macs on High Sierra and Mojave on T2-equipped Macs.

DO NOT INTERRUPT THE UPDATE WHEN ON A BLACK SCREEN. IT IS UPDATING BRIDGE OS FOR THE T2 SECURITY CHIP AND APPARENTLY IT’S HOLDING THE SECRET KEYS IN RAM WHILE IT REPLACES THE FLASH STORAGE OF THE T2, THEN IT WRITES THE KEYS BACK. IF YOU INTERRUPT THIS YOU LOSE THE ABILITY TO DECRYPT YOUR DATA AND THE RECOVERY KEY IS USELESS.

The 2016-2018 MacBook Pro may appear to turn off during the update. DON’T TOUCH IT! LET IT RUN.

Great. So if you experience a blackout in the middle of such an update I guess your system will be hosed too.

Not an issue on the MBP perhaps, but the iMac Pro and the Mac mini also have a T2.

That isn’t really what you should take away from this discussion. Rather, it should be: If you experience a blackout in the middle of such an update, wait it out and do not press and hold the power button. When you return later on, everything should be fine. If the computer has gone to sleep or shut itself down after waiting for your return, just press the power button without holding to start or wake.

I’m on a Mac mid 2010 running High Sierra. I’ve upgraded previous security updates Ok. This one I tried to install and my Mac appeared to hang on restart. The mouse cursor just stayed in the top left of the screen.
I tried again with a hard shutdown and left it overnight. In the morning it’s still the same. Recovery mode says that a firmware upgrade is required.
I checked this and for some reason the most recent firmware for my Mac Pro 1,5 is not installed. I’ve read the only way to install the firmware is from the High Sierra complete installation. I’ve tried this but it’s the same: it says a firmware update is still required.
I’ve tried the flash restart lots of times to install the lurking firmware but with no success. Does anybody have any ideas how to proceed? I’ve been on to Apple; they did the basics, safe mode, reset NVRAM and SMC, but to no avail.

Howard Oakley has been writing about firmware a bit and has some utilities that might shed some light on the situation.

Hi Adam, Thanks for this. I have actually read a few of these articles but not this one.
I’ve been onto Apple support this morning and like the article they said to take it in to a store to get it looked at.
Thanks again

I’ve been working with Howard and another user that has an iMac17,1 with the EFI update that comes with Catalina. That other user has contacted Apple and been raised through two levels of support without a solution yet.

I’ve also contacted a current Apple employee that has a background in EFI firmware research with a different firm. He’s reached out to the Apple team that receives those automated messages from user computers who fail the eficheck to see if there has been any recent pattern, but haven’t heard back.

Nobody I’ve heard from has reported being able to successfully recover from this situation since the firmware updates moved from being stand-alone to included with macOS installers, so I’ll just confirm to you that taking it to a store is your best bet, for now.

Hey thanks Al, thanks for the reply. Will follow your advice and take it to Apple

The thing I don’t understand is I’ve been running High Sierra on this Mac for about 5 months without any problems (I can’t upgrade to Mojave without an updated graphic card so HS is the highest OSX I can use)

I’ve run and updated previous security updates that have appeared in the App store, and everything has worked Ok with High Sierra.

Only 2019-006 caused this problem. So I’m assuming something in it has caused a firmware conflict in some way.

I’m not techy so I don’t really understand it. What’s your take on this?

Sorry, it would take me a lot of time and much more information from you to give you even my guess as to what’s going on as Apple doesn’t make this information available anywhere. That’s why taking it to the store is your best bet at this point in time.

ok Al Thanks for your help