Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

Google Keystone Update Damages File System on SIP-Disabled Macs

Rich Trouton has provided a cogent explanation of and solution to a problem that was breaking news in the MacAdmins Slack on 24 September 2019. In short, an update to the Google Keystone update software inadvertently attempted to remove the /var symlink that points to the /private/var directory, which stores files necessary for macOS to boot. Google uses Keystone to update Google Chrome and other Google apps on the Mac, so it could have caused widespread problems.

Happily, most Google Chrome-using Mac users were unaffected, thanks to Apple’s System Integrity Protection (SIP), which safeguards /var. However, video professionals often disable SIP to use third-party video cards, and Macs running OS X 10.9 Mavericks or 10.10 Yosemite predate the introduction of SIP in 10.11 El Capitan and were also thus theoretically vulnerable. Once alerted, Google stopped delivering the offending update while it readies a fix. Initially, Google provided steps to fix a Mac with a damaged /private/var directory, but the company now recommends reinstalling macOS from macOS Recovery.

Even if Macs without SIP protection are somewhat unusual, this was still shoddy work on Google’s part, and the company should formally apologize for the trouble it has caused.

Google Chrome icon eating /var

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Google Keystone Update Damages File System on SIP-Disabled Macs

Notable Replies

  1. For me, the real story was how people banded together to track down the source of the problem, most notably all the discussion and discovery in the MacAdmins Slack (as mentioned), even creating a dedicated channel for the topic (#varsectomy). Avid took this seriously and got involved in the channel. Ryan of the “Mr. Macintosh” blog started on-the-fly documentation and Rich’s post is the great How-To summary that people have come to rely upon. I’m very proud of the worldwide Mac Admins community, but especially on a day like the 24th.

  2. Absolutely! I watched it in the MacAdmins Slack for a little while yesterday, but I had come in a bit too late and the conversation was moving too quickly, so I had trouble figuring out what was going on in real time.

  3. One question for now. Is it possible to tell if my one old computer running 10.10 has been affected without rebooting it?

    (There is one Toast app that does not work on Sierra yet. That has stopped me from upgrading.)

  4. You could probably see if /var is still present. If so, you’re probably fine. The recovery isn’t terrible, so I’d just print out or make sure you can access the steps on another device before rebooting, to be safe.

  5. I don’t have Google Chrome installed; are there any other Google applications that might cause problems?

  6. All Google applications installed for All Users should cause this same issue as they all use the Google Keystone auto-updater in the same manner.

  7. But if your Mac is still working, I very much doubt you could be affected. Google pulled the update quickly after the problem was revealed.

  8. Thanks for the info Adam. I backed up my user folder, printed the info, rebooted, and it worked. There was no damage but better safe than sorry. Thanks again.

Join the discussion in the TidBITS Discourse forum


Avatar for ace Avatar for romad Avatar for alvarnell Avatar for areimer Avatar for scifionea