The High Sierra 10.13 problem with security data files may now be fixed

Over a week ago it became clear that there was a problem with High Sierra updating some of its security data files, most notably those for Xprotect. It looks as if Apple has fixed this, and all Macs running High Sierra should now be able to update properly to the latest versions.

The original problems rested in the High Sierra installers, all versions including the latest dated 12 October which is still in the App Store. Each of these installed old versions of these files, including version 2094 of the XProtect data files. That in itself is not a problem (although surely the installer should not overwrite more recent versions, should it?).

However, if that Mac had been updated to version 2095 when it was still running Sierra, before High Sierra was installed, the installer left the receipt for versions 2094 and 2095 in the Receipts folder – which is protected by SIP. That was another error in the installer: if it was going to remove more recent updates, then it should also have removed their receipts.

When softwareupdate saw those receipts, it therefore assumed that the 2095 update had been installed, which indeed it had, until the High Sierra installer removed it and installed 2094 instead. This deadlock should have been broken when 2096 was pushed in due course, but Apple has now pushed a metadata-only configuration update, which should enable all High Sierra systems to update correctly to 2095.

My advice then is:

If you’re running Sierra or earlier, none of this affects you.
If you’re about to upgrade to High Sierra, that should be fine, but use Digita Security’s free UXProtect and my free LockRattler (from Downloads above) to keep a watch on the version numbers of these security data files, until you are fully up to date as listed here.
If you’re already running High Sierra, use UXProtect and LockRattler, and check against the list here until you’re happy that your system is fully up to date.

I am very grateful once again to Josh Stein at Digita Security for much of the information about this bug and its resolution.

4Comments

Add yours

1

Tony on October 19, 2017 at 9:51 pm

My MBP (was on XProtect 2095 under Sierra) was still stuck on 2094 under HS at 22:40 today, having been in use all afternoon/evening. However, UXProtect’s update button did work today (previously ineffective) and both it and LockRattler now report 2095!

Thanks for this story and for previous suggestions.

LikeLiked by 1 person
- 2
  
  hoakley on October 19, 2017 at 9:55 pm
  
  I’m delighted that you have finally got there – well done.
  Now all I need to do is find an app which can convert Camera RAW images into HEIF/HEIC and save them. As there doesn’t seem to be a codec for HEIF, I’m wondering whether that will ever be possible!
  Howard.
  
  LikeLike
3

alvarnell on October 20, 2017 at 7:55 am

That’s not exactly how it was fixed. The update is a complete bundle, not meta-data only. The fix was in the .dist file which leaves out the receipt check and checks instead to see if the bundle is v2095. If not, then the new version is installed.

LikeLiked by 1 person
- 4
  
  hoakley on October 20, 2017 at 9:08 am
  
  Thank you – I was going on the info passed to me by Josh, but thanks for the correction and full detail.
  The key question is whether it works for High Sierra users…
  Howard.
  
  LikeLike

Share this:

Like this:

Related