On Monday night, Variety announced that movie editors in Los Angeles who have Avid Media Composer software installed suddenly find their Macs unable to restart. The publication speculates that the cause may be the cause of the malware. On Wednesday, Google revealed the real reason ̵
In particular, it was a new version of the Chrome Keystone update that caused so many Macs to stop restarting, according to this open Chrome error post. When the update was installed on Macs, which disabled a security feature known as system integrity prevention and meets several other conditions, a crucial part of the Mac system file was corrupted, a Google official said in a forum.
"This seems to be a problem with a new version of Google Keystone," a different Google official wrote earlier in the thread. "We've stopped deploying and we're working on a fix right now."
When your Mac receives a "varsectomy"
SIP, as system integrity protection is usually shortened, it was introduced in 2015 in El Capitan version of macOS ( called OS X at the time). As its name implies, SIP is designed to protect the integrity of the operating system, protecting, among other things, certain files and folders from being deleted or modified, except for specific, authorized processes.
An error will occur in Chrome update inadvertently tried to change parts of macOS file system. When SIP was activated – by default – SIP worked as designed and prevented the change. However, when security is disabled, the file system is changed in a way that prevents Macs from restarting. Specifically, according to the Chrome Error Theme, the updated version of Chrome removed an important symbolic link pointing to the / var folder.
"This causes system instability, which may include failure to launch new user interface applications, inability to resolve host names in most programs already running, and failure to restart successfully," said one of the employees of The specific conditions required to update Chrome to make this change are:
- The SIP must be disabled (or not present, as was the case before OS X 10.11)
- / must be logged in by logged in users el
- A keystone version must be installed containing an error, 18.104.22.168
- Keystone needs to update a product it controls.
The reason why many users of Avid Media Composer are affected is the blog on Mac Enterprise, Mr Macintosh reports, is that some users of movie editing software have to disable SIP when using third-party graphics cards. The edition called / var-kills the bug "varsectomy."
Google has instructions for recovering unbootable Macs here. The process involves starting in recovery mode and then opening a terminal window, which you can access from the utilities folder, among other ways. From there, run the following commands:
chroot / Volumes / Macintosh HD # "Macintosh HD" is the default rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle mv var var_back # var may not exist, but it's good ln -sh private / var var chflags -h limited / var chflags -h hidden / var xattr -sw com.apple.rootless "" / var
If all goes well, the Mac will restart with a buggy Chrome update that is no longer installed and the damaged file system is repaired. It was not immediately clear when a fixed version of the Chrome update would be available.