At first it seemed like malware targeting film makers, as Mac computers suddenly refused to boot all over Los Angeles. But it turns out the cause was actually far more mundane: Google pushed out a Chrome update that didn’t play nicely with system changes often made by users of the Avid Media Composer software.
The culprit, Variety reports, was a new version of Chrome’s Keystone updater which tried to modify bits of the macOS file system, as documented in this Chrome open bug post. “This appears to be an issue with a new version of Google Keystone,” writes a Google employee on the page. “We have halted the rollout and are working on remediation right now.”
So why did the issue seem so prevalent in Hollywood, while barely registering elsewhere? It’s because Macs have something called SIP – system integrity protection – as introduced in the 2015 El Capitan update to macOS. It’s on by default and protects OS-crucial files and folders from being modified or deleted except by Apple-approved processes.
Related: Best MacBook
But according to enterprise blog Mr Macintosh, the problem isn’t with Avid Media Composer per se, but the fact that many people using it also have third-party video cards, and some of these require SIP to be disabled to function. This meant that the botched update from Google could modify crucial macOS system files, preventing the computers from booting.
Fortunately, for affected users, Google has published instructions to make unbootable Macs bootable again. It involves loading recovery mode, and then entering the following commands into Terminal:
chroot /Volumes/Macintosh HD # “Macintosh HD” is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back # var may not exist, but this is fine
ln -sh private/var var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless “” /var
“This will remove the affected version of Google Software Update, then restore the damaged portion of the file system,” Google writes.
While it wasn’t malware this time, it does expose an uncomfortable truth for film makers: they’re more vulnerable than most, thanks to their third-party hardware requiring SIP to be disabled. While things are back to normal this time, that should be a real concern for the future.