Well hello High Sierra 10.13.3 and Sierra/El Cap Security Update 2018-001

StoneMagnet
Contributor III
18 REPLIES

mhasman
Valued Contributor

As usual, it takes Apple 2-3 days to make the Updates available for download...

ThijsX
Valued Contributor

Hopefully the Finder crash will be gone!

ThijsX
Valued Contributor

Besides, keep each other posted if the 10.13.3 update package is available!

brunerd
Contributor

FYI Build Numbers of 2018-001 patched machines
10.11.6 = 15G19009
10.12.6 = 16G1212

dgreening
Valued Contributor II

mhasman
Valued Contributor

Thanks!

mhasman
Valued Contributor

No download URL for 10.12 Sierra Security Update 2018-001?

donmontalvo
Esteemed Contributor III

Great, now we just need Apple to provide a fix for 3rd party SSD drives that fail when encrypted. #submitted

--
https://donmontalvo.com

DirkM2012
Contributor

Anybody having trouble installing 10.13.3 on an iMac Pro? I tried 4 times (15 mins each, pretending to install the update) but after logging on it's still on 10.13.2.

mhasman
Valued Contributor

2018-001 Sierra:
https://support.apple.com/kb/DL1956?viewlocale=en_US&locale=en_US

2018-001 El Capitan:
https://support.apple.com/kb/DL1955?viewlocale=en_US&locale=en_US

bjones
New Contributor III

Question: I am working to block this update for systems that are running 10.12.6. The reason is that the systems in our environment run Carbon Black, and the current version we have installed is not compatible and causes kernel panics.
The user would attempt to log back in to their system and a kernel panic message will come up, preventing the user from logging in.

I am trying to utilize what I had running for the 10.13.2 upgrade in a policy to block the files if downloaded and awaiting installation:

Files and Processes
SEARCH FOR FILE BY PATH
Full path to the file: /Library/Updates/091-52053/

The bold section is what works for 10.13.2; I would like to know the name for 10.12.6.

pcrandom
Contributor

@bjones, however you want to deploy it, run this command on macOS 10.12.6 (and OS X 10.11.6) Macs: softwareupdate --ignore "Security Update 2018-001". That will make Apple Software Updates ignore that update.

pcrandom
Contributor

Does anyone know what extension attribute we can use to identify Macs that have installed these patches? I can see them if I go to the System Information app, and look in the Installation item under Software, so I would think I could pull that info out using system_profiler, but when I try to grep for the update running system_profiler SPApplicationsDataType I can't seem to find the update on a system I know applied it.

sdagley
Esteemed Contributor II

@pcrandom Use a Smart Group with the criteria Operating System Build to match machines with the update (see the post from @brunerd above with the build numbers after the update is applied)
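
For sites that would rather report this as an extension attribute than match a single build string, the following is an added example and not part of any post in this thread. It treats a build as patched when its numeric suffix is at or above the 2018-001 builds quoted above (15G19009 and 16G1212), on the assumption that later security updates only raise that number; `patch_status` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread): Jamf extension attribute that reports
# Security Update 2018-001 status from the OS build number.
# Patched builds are the ones quoted in this thread:
#   10.11.6 = 15G19009, 10.12.6 = 16G1212
# patch_status is a hypothetical helper name.

patch_status() {
    build="$1"
    case "$build" in
        15G*) patched=19009 ;;      # OS X 10.11.6
        16G*) patched=1212 ;;       # macOS 10.12.6
        15[A-F]*|16[A-F]*)          # older than 10.11.6 / 10.12.6
            echo "Not installed"; return 0 ;;
        *)                          # any other OS version
            echo "Not applicable"; return 0 ;;
    esac
    # Numeric part after the three-character prefix; drop any trailing letter.
    num=$(printf '%s' "${build#???}" | sed 's/[^0-9].*$//')
    if [ -z "$num" ]; then
        echo "Unknown"
    elif [ "$num" -ge "$patched" ]; then
        echo "Installed"
    else
        echo "Not installed"
    fi
}

# On a Mac, emit the value inside the <result> tags that Jamf reads.
if command -v sw_vers >/dev/null 2>&1; then
    echo "<result>$(patch_status "$(sw_vers -buildVersion)")</result>"
fi
```

A Smart Group can then use this attribute with the value "Not installed" to find 10.11.6 and 10.12.6 Macs that still need the update.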

bjones
New Contributor III

@pcrandom Perfect, thanks. I have that going so far, but I am trying to remove it for systems that have it cached. By any chance do you know what the folder name is under /Library/Updates/ that it creates? This is for those that got past the block.

pcrandom
Contributor

@sdagley D’oh, I had missed the part about the build incrementing. Way easier than trying to pull an individual update’s installation status.

@bjones, sorry, I don’t have that info, but if the ignore is set properly then software update won’t install it even if it’s cached.

pcrandom
Contributor

@bjones It's /Library/Updates/091-62747.

Also, if you have Macs that already applied the update and are kernel panicking, and you can't boot into Safe Mode or Single User Mode to remove Carbon Black Response or Carbon Black Protect, I figured out the files that need to be removed before the Mac can boot normally:

For Response, delete:

/Library/Extensions/CbOsxSensorNetmon.kext
/Library/Extensions/CbOsxSensorProcmon.kext
/Library/LaunchDaemons/com.carbonblack.daemon.plist
/Applications/CarbonBlack/CbOsxSensorService

For Protect, delete:

/Library/Extensions/b9kernel.kext
/Library/LaunchDaemons/com.bit9.Daemon.plist
/Applications/Bit9/Daemons/b9daemon

You can either Target Disk Mode the affected Mac and delete from Finder using a working Mac, or you can boot into the Recovery partition and use Terminal to delete. After removing those files, the Mac should be able to start up without kernel panicking, and the uninstall scripts for each product still remain, which you can then run in Terminal:

sudo /Applications/CarbonBlack/sensoruninst.sh
and/or
sudo /Applications/Bit9/uninstall.sh

ThijsX
Valued Contributor

@dgreening Thanks mate!