Security Update 2019-001 (Mojave)

Contributor II

Just to share the chaos caused by the Security Update 2019-001 (Mojave) released by Apple on the 29th. Once it is installed, the OS build is 18G1012.

We've had a number of machines basically bricked as a result of installing this update. There are others reporting the same problem on Slack. It is likely the direct cause is the user/network interruption during the installation.

This is what we see on our affected machines. When they start we only see our generic support local admin account login but the usual password is not working. These machines are all relatively new with the T2 security chip and default start security setting that stops the machine from external disk booting. I saw people reporting on Slack that the machines with T1 chip are also affected.

So we booted into the recovery mode and found out the disk utility couldn't mount the volume container. In the end, we had to start into internet recovery mode, reinitialise the disk to rebuild the OS. This is a bit stuff-up from Apple as this OS update together with their new OS security protection features is the cause of potential data loss at the user's end.

Currently, we've deployed the policy for 10.14 machines not already on this build to ignore the Security Update 2019-001. It could be an overreaction. I probably should only target the 10.14 machines with T1 or T2 chip.
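
The scoping described in the post above (10.14 machines not already on the new build, narrowed to T1/T2 hardware), as an added example that is not part of the original post or any vendor tooling. It assumes the chip is reported by `system_profiler SPiBridgeDataType` with a model name containing "Apple T1" or "Apple T2", and that the label passed to `softwareupdate --ignore` matches what `softwareupdate --list` shows on the machine.

```sh
#!/bin/sh
# Added example (not from the thread): scope the "ignore" policy to 10.14 Macs
# that have a T1/T2 chip and are not yet on the post-update build.

TARGET_BUILD="18G1012"   # build the thread reports after Security Update 2019-001
# Assumption: must match the label printed by `softwareupdate --list`.
UPDATE_LABEL="Security Update 2019-001"
# Constructed sample of a line expected from `system_profiler SPiBridgeDataType`.
SAMPLE_T2="      Model Name: Apple T2 Security Chip"

# has_t_chip BRIDGE_TEXT -> 0 if the text names an Apple T1 or T2 chip
has_t_chip() {
    printf '%s\n' "$1" | grep -Eq 'Apple T[12]([^0-9]|$)'
}

# in_scope OS_VERSION BUILD BRIDGE_TEXT -> 0 if the update should be ignored here
in_scope() {
    case "$1" in
        10.14|10.14.*) ;;        # Mojave only
        *) return 1 ;;
    esac
    if [ "$2" = "$TARGET_BUILD" ]; then
        return 1                 # update already installed, nothing to defer
    fi
    has_t_chip "$3"
}

main() {
    os=$(sw_vers -productVersion)
    build=$(sw_vers -buildVersion)
    bridge=$(system_profiler SPiBridgeDataType 2>/dev/null)
    if in_scope "$os" "$build" "$bridge"; then
        echo "in scope: $os ($build), T-series chip present"
        # Change state only when asked to; --ignore needs root.
        if [ "${1:-}" = "--apply" ]; then
            softwareupdate --ignore "$UPDATE_LABEL"
        fi
    else
        echo "out of scope: $os ($build)"
    fi
}

# Run only on macOS, so the functions can be sourced and tested elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    main "$@"
fi
```

Without `--apply` the script only reports its decision, which makes it usable as a dry run before the policy is rolled out.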


Valued Contributor II

For everyone seeing this issue, can you confirm if you have an EFI password set or not?

Valued Contributor

@ddcdennisb I've recently seen this issue on a 2014 Mac Mini, which didn't have an EFI password set.

Valued Contributor II

Thanks @mark.mahabir. Just wanted to confirm it's happening on devices without EFI as well.

Contributor II

I also promptly blocked this update on my SUS on the 2nd day of the patching cycle, but not until 9 bricked Macs were reported to me (all of them MacBook Pro 2018 models). Apple Enterprise support were of no help for my organization's Macs that got bricked by this update because even the FV2 recovery key broke. I was hoping I could ship those bricked Macs under warranty to see if they can repair the corrupted firmware to fix the pre-boot authentication part, but their engineers declined.

For those who downloaded the macOS Mojave Installer this month either from the App Store or from Software Update directly from Apple, did you get 18G103 or 18G1012? Thought I'd ask first since I don't have the fastest Internet connection and I already got 18G103 in my environment.

Contributor III

@dng2000 only 18G103 here any time I have tried downloading macOS Mojave from App Store or

Contributor II

Thanks for responding @carlo.anselmi

Contributor III

@dng2000 you're welcome... and now along with Catalina 10.15.2 there are
Download Security Update 2019-007 (High Sierra)
Download Security Update 2019-002 (Mojave)

Hopefully these will fix previous issues with T1/T2 FileVaulted machines

Valued Contributor

My Enterprise support ticket was closed yesterday after Apple released these security updates. My Enterprise contact person said that this problem has been resolved by these updates. Any machines currently bricked can only be wiped and have OS reinstalled, but the bricking of the machines should no longer happen when applying (and interrupting) these security updates (again, according to my Apple rep, in his email).

New Contributor III

I just installed the 2019-002 Mojave update on my test machine and it has been stuck in a boot loop for about an hour. It gets to 90% on the progress bar then goes to 100% halts and restarts and repeats. Can anyone else confirm if they are seeing this as well?

Contributor III

@iRyan23 I updated two machines without any issues as of now.

New Contributor

After installing Security Update 2019-007 10.13.6 onto my 2013 Mac Pro with High Sierra I had the same shut down problem.
I booted from an external drive and installed the security update on to my internal SSD card. This fixed the problem for my Mac.

New Contributor

@damienbarrett: Hi, I am one of those "impatient" users who ... three weeks ago, scared by the black screen, I turned off the MacBook Air (2018) while the updating process was starting. After that the symptoms are exactly what has been reported in these posts (no login with pw, no possibility to mount from Terminal nor from Disk Utility, no TDM, for diskutil ap list comes the mythical Encrypted: ERROR -69808, just as for xartutil --list the Total session count: 0, etc.). So, if I understand you well @damienbarrett, based on what was said by Enterprise, being bricked, there is NO WAY to fix the problem without wiping the machine. Is that right? I really hoped to find a solution which can somehow save all that I have on my HD (unfortunately no backup was made recently). Guys, really no way to recover my data?

sudo softwareupdate --fetch-full-installer --full-installer-version 10.14.6

Does that only work if your machine isn't updated or is on a prior version?
I'm on 10.14.6 build 18G2022 (latest).

I get the following result, which leads me to believe that may be a possibility:

C02YJ17VJHD4:~ ME$ sudo softwareupdate --fetch-full-installer --full-installer-version 10.14.6
softwareupdate: unrecognized option `--fetch-full-installer'
softwareupdate: unrecognized option `--full-installer-version'
usage: softwareupdate <cmd> [<args> ...]

** Manage Updates:
    -l | --list     List all appropriate update labels (options:  --no-scan, --product-types)
    -d | --download     Download Only
    -e | --cancel-download      Cancel a download
    -i | --install      Install
        <label> ...   specific updates
        -a | --all      All appropriate updates
        -R | --restart      Automatically restart (or shut down) if required to complete installation.
        -r | --recommended  Only recommended updates
    --background        Trigger a background scan and update operation
    --ignore <label> ...  Ignore specific updates
    --reset-ignored     Clear all ignored updates

** Other Tools:
    --dump-state        Log the internal state of the SU daemon to /var/log/install.log
    --evaluate-products Evaluate a list of product keys specified by the --products option 
    --history       Show the install history.  By default, only displays updates installed by softwareupdate.  
    --all           Include all processes in history (including App installs) 

** Options:
    --no-scan       Do not scan when listing or installing updates (use available updates previously scanned)
    --product-types <type>        Limit a scan to a particular product type only - ignoring all others
        Ex:  --product-types macOS  || --product-types macOS,Safari 
    --products      A comma-separated (no spaces) list of product keys to operate on. 
    --force         Force an operation to complete.  Use with --background to trigger a background scan regardless of "Automatically check" pref 

    --verbose       Enable verbose output
    --help          Print this help

Valued Contributor II

@jcheLC The fetch options only work in Catalina.


@ddcdennisb Is there something similar for Mojave that I can use to grab the installer vs the App Store or saving the .app somewhere?
Basically looking for a CLI version of pulling the latest version of Catalina or Mojave using Terminal if possible.


Valued Contributor

@jcheLC I swear by Greg Neagle's script.

Contributor III

Any clever folks here come up with a way yet to "slipstream" a la Windows of yore Security Update 2019-002 for macOS Mojave? I refuse to accept that the best practice is to tediously:

  1. Upgrade / Clean install Mojave build 18G103 and watch the reboots.
  2. Wait for the Mojave install to complete, go through "looky new OS steps before your logon completes!" windows.
  3. Initiate the Security Update 2019-002 upgrade.
  4. Depending on your hardware, watch your screen freeze for up to a minute, go black for a similar period of time, tell you it's going to be 39 minutes until it completes, then finish in 5 minutes, or 45 minutes depending on unknown variables...
  5. Log on again after update completes - "ooh looky more new OS steps!" to check that the build iterated to 18G2022.