Skip to main content

Just to share the chaos caused by the Security Update 2019-001 (Mojave) released by Apple on the 29th. Once it is installed, the OS build is 18G1012.



We've had a number of machines basically bricked as a result of installing this update. There are others reporting the same problem on Slack. It is likely the direct cause is the user/network interruption during the installation.



This is what we see on our affected machines. When they start we only see our generic support local admin account login but the usual password is not working. These machines are all relatively new with the T2 security chip and default start security setting that stops the machine from external disk booting. I saw people reporting on Slack that the machines with T1 chip are also affected.



So we boot into the recovery mode and found out the disk utility couldn't mount the volume container. In the end, we had to start into internet recovery mode, reinitialise the disk to rebuild the OS. This is a bit stuff-up from Apple as this OS update together with their new OS security protection features is the cause of potential data loss at the user's end.



Currently, we've deployed the policy for 10.14 machines not already on this built to ignore the Security Update 2019-001. It could be an overreaction. I probably should only target the 10.14 machines with T1 or T2 chip.

@brunerd I'm starting to think like yourself, this is user impatience self inflicted issue. " Hey, my laptop has a black screen, i'll just press the power button and break things."



I just didn't think it'd ever result in total data loss on a system.



As I posted above, I've verified all our devices affected lost their quote "anti-replay tokens - basically a pseudo random seed for a nonce / changing fact." With the end result none of the data is accessible or recoverable.

Hi. We have 9 computers affected by this, all T2 machines. It was first reported on October 10. Affected High Sierra Macs installing the Security update on top of 10.13.6. We also had at least two with 10.14.x that were installing the Mojave supplemental updates, which contained similar security content.

Hi all, same boat here. The Mac is a 2019 MBP. I've been trying to mount the disk at least via terminal, but also not finding anything promising.



All shows error: permission denied, or shows some information was not available for internal lookup, or errors like below:



sh-3.2# sudo fsck_apfs -n -l /dev/rdisk3s1

mount_apfs: mount: Input/output error

error: mount_apfs exit status 73

sh-3.2# fsck_apfs -n /dev/rdisk3s1


@franton - very curious on the xartutil --list. When running this on an affect machine, the below is reported:



Total Session Count: 1



Entry: 0

UUID: 00000-000..... ' Session Seads: 1


Any thoughts on if this data/Mac is still able to be rev

Can anybody confirm or deny that the re-released updates are now available on https://support.apple.com/downloads ?

@mark.mahabir, I downloaded the package first thing this morning to check. It is still the October 24, 2019 .pkg. that said can anybody point me/us to and updated SecUpd2019-001Mojave.pkg? Very frustrating and I will not push the original patch.

I too have been affected by this, and we have an outstanding support case with Apple Enterprise. I've forwarded your post onto them.


@franton , is there any way we can access that case, or we can all somehow vote in or link all of our reports?

@asiu just report in. they'll do the rest.

I've had one instance of this issue. Of note, the (VM) volume also had the ERROR -69808.



Link

I am tracking the issue.



Hopefully this will help get the issue some attention.



https://mrmacintosh.com/mojave-2019-001-security-update-causing-data-loss-if-interrupted/



If you find any new information, please let me know.

So can we safely assume that Apple won't be re-releasing these security updates, or have they in actual fact been updated at https://support.apple.com/downloads but have retained their original release dates?



I haven't seen any issues locally as yet (with the updates downloaded from the Apple Support website).

FYI, Apple has acknowledged this and has identified a solution to be rolled out. No ETA was given, but my understanding is that it'll be fixed for Catalina first and they are working to port the solution backwards for 10.14 and 10.13.



I also composed an email to my entire user base alerting them of this problem. We do want our machines up-to-date, but we don't use a SUS, nor do we want to tell the fleet to ignore this update. So, we are taking the educational route, telling people about the problem, and the potential for data loss, but also to be patient and not interrupt the update as it's happening. This email was sent to our entire user base. Let's hope they read it and pay attention.

@stevie
I have tried your suggestion but it replies this way



TestComputer:~ admin$ sudo softwareupdate --fetch-full-installer --full-installer-version 10.14.6

Password:

Downloading and installing 10.14.6 installer

Install failed with error: Update not found


Maybe they changed something....

@carlo.anselmi that command works with whatever is present in the software update catalogs supplied by Apple. If they remove it, the update download disappears.

@franton Sorry my bad, I forgot I had to reset the previously "ignored" updates on that specific test client...
I could successfully download Mojave 10.14.6 with 



sudo softwareupdate --fetch-full-installer --full-installer-version 10.14.6


But at least in my case it is still build 18G103 (missing latest Security Update 2019-001 (Mojave)
Thank you again
Carlo

For everyone seeing this issue, can you confirm if you have an EFI password set or not?

@ddcdennisb I've recently seen this issue on a 2014 Mac Mini, which didn't have an EFI password set.

Thanks @mark.mahabir . Just wanted to confirm its happening on devices without EFI as well.

I have also promptly blocked this update on my SUS on the 2nd day of patching cycle but not until 9 bricked Macs were reported to me (all of them MacBook Pro 2018 models) and Apple Enterprise support were of no help for my organization's Macs that got bricked by this update because even the FV2 recovery key broke. I was hoping I can ship those bricked Macs under warranty to see if they can repair the corrupted firmware to fix the pre-boot authentication part but their engineers declined.



For those who downloaded the macOS Mojave Installer this month either from the App Store or from Software Update directly from Apple, did you get 18G103 or 18G1012? Thought I ask first since I don't have the fastest Internet connection and I already got 18G103 in my environment.

@dng2000 only 18G103 here any time I have tried downloading macOS Mojave from App Store or installinstallmacos.py

Thanks for responding @carlo.anselmi

@dng2000 you're welcome... and now along with Catalina 10.15.2 there are
Download Security Update 2019-007 (High Sierra)
Download Security Update 2019-002 (Mojave)



Hopefully these will fix previous issues with T1/T2 FileVaulted machines
Ciao
Carlo

My Enterprise support ticket was closed yesterday after Apple released these security updates. My Enterprise contact person said that this problem has been resolved by these updates. Any machines currently bricked can only be wiped and have OS reinstalled, but the bricking of the machines should no longer happen when applying (and interrupting) these security updates (again, according to my Apple rep, in his email).

I just installed the 2019-002 Mojave update on my test machine and it has been stuck in a boot loop for about an hour. It gets to 90% on the progress bar then goes to 100% halts and restarts and repeats. Can anyone else confirm if they are seeing this as well?

@iRyan23 I updated two machines without any issues as of now.

After installing Security Update 2019-007 10.13.6 onto my 2013 Mac Pro with High Sierra I had the same shut down problem.
I booted from an external drive and installed the security update on to my internal SSD card. This fixed the problem for my Mac.

Reply


Terms & ConditionsCookie settings