The macOS update provoked a panic of video editors in Hollywood, Google was blamed

For several days, Mac users could not understand what was happening, because at the beginning of this week their computers stopped loading after macOS update. Video editors were the first to encounter a problem and caused a real panic.

At first, it was assumed that the bug was due to the Avid Media Composer video editor, since most of the victims used this professional video editing solution.

“Film and TV editors across Los Angeles were sweating Monday evening as their workstations were refusing to reboot, resulting in speculations about a possible computer virus attack”, — wrote the show business Variety magazine.

Avid developers shrugged at a loss, but confirmed that problems were observed on Macs with macOS 10.13.x and earlier versions on which Avid Media Creator was installed.

So, the victims found that their account had changed to Standard user and as a result errors with the iLock license could occur, which leads to problems with the download. Users were reassured that what was happening was in no way related to malware, but, apparently, is the result of an unsuccessful update and suddenly incompatibility.

Read also: Cybercriminals deliver backdoor to victims’ computers with NVIDIA driver

As it turned out now, the problems for users did not arise due to Avid Media Creator. Google experts said that the bug provoked an update to Google Chrome for Mac, which led to the removal of the /var symbolic link. The root of the problem lies in the new version of the updater, code-named Google Keystone.

According to security experts, macOS 10.9 – 10.14 Mojave users who disabled Software Integrity Protection (SIP) had problems with downloading. This also explained users’ suspicions about Avid Media Creator. The fact is that many Avid users use third-party video cards for work, and for this they have to disable SIP. For this reason, they were the first to notice the problem.

“Sometimes AVID Media Creators use 3rd Party Graphics cards connected to their Mac Pro. When the issue hit yesterday, it was thought that AVID was the main cause of the problems since all the users experiencing the issue had AVID software. Only later after a MacAdmins deep dive investigation was it found that AVID was NOT the cause of the problem. It was Google Chrome Keystone Updater!”, — write researchers from Mr. Macintosh.

Google developers have already published detailed instructions for resolving the consequences of an incorrect update. To do this, it is necessary first to delete the current updater, and then restore the symbolic link to /var through the terminal.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics

Leave a Comment