Thursday, 26 September 2019

Google Apologizes for Crashing Macs After Outage Blamed on Avid

Earlier this week, news broke that a large number of Macs running Avid software had failed upon rebooting and were no longer functional. There was a quick flurry of debates regarding the cause, with a virus or deliberate malware attack raised as a major potential suspect. As we were going to print with our story, news surfaced that the issue might not have been caused by an Avid issue at all. Instead, it might have been the result of a bad Chrome update.

Turns out, that explanation is correct. Version 1.2.13.75 of Google Keystone, Google’s software update program, shipped with a bug that damaged macOS if System Integrity Protection is disabled. Macs that don’t support SIP (pre-macOS 10.11) weren’t affected. Comments from Google employees show how the bug can be reproduced:

SIP must be disabled (or not present, as is the case pre-OS X 10.11).
The root directory, /, must be writable by the logged-in user.
A Keystone version containing the bug, 1.2.13.75, must be installed.
Keystone must update a product that it supervises.

SIP being disabled was critical to the overall process because SIP stopped the bug from actually occurring. SIP being disabled allowed Keystone to remove a symbolic link pointing to the /var folder. A symbolic link or symlink is a link that is automatically interpreted or followed as a path to another file or directory. Removing a symbolic link reference will break software that expects that linkage to exist, which is why Mac OS X systems quit booting once this change was made.

Why Did This Hit Avid Systems in Particular?

This makes sense so far, but why were Avid customers particularly affected to the point that it appeared to be an Avid bug? Supposedly, it’s because many Avid customers have had to disable SIP in order to use third-party GPUs. This arguably speaks to a massive unmet need from Apple’s own professional users, because a lot of various applications actually recommend disabling SIP on macOS. Disabling SIP is recommended in a book for setting up Mobile TensorFlow. It’s part of the recommended process for upgrading GPUs, or for getting an external GPU up and running. Security software company Intego recommends disabling SIP as part of its installation process.

macOS security layers. Image by Wikipedia

It’s not clear if SIP always needs to be left off in order for components to work; this article claims that SIP has evolved over time and that disabling the feature is rarely required. But the fact that things played out this way in the first place looks like it could be evidence of how many Avid users have had to upgrade systems to add third-party video cards in the first place. This issue didn’t surface in the Hackintosh community or among security software users. It hit Avid customers specifically.

But even this explanation may not be entirely accurate; multiple affected users have stated that they were hit by this problem despite SIP being enabled. Either these users are incorrect about the state of their machines, or there was another factor that may have made some systems more susceptible than others. Even now that Google has accepted responsibility for the problem, it doesn’t seem the cause is fully understood.

Now Read:



https://ift.tt/2n3dsbu from ExtremeTechExtremeTech https://ift.tt/2nAU3PE
via IFTTT

No comments:

Post a Comment