Latest Mac OS X update locks out some PGP users

Share this article:

A massive security update from Apple this week fixed more than 130 security flaws in its Mac OS X operating system, but it left users of PGP's Whole Disk Encryption (WDE) product unable to reboot their computers.

PGP users first started noting problems about the update, Mac OS X 10.6.5, shortly after it was released on Wednesday.

Symantec, which now owns PGP, first issued an alert about the issue on Wednesday, warning PGP WDE users to not apply the update. Symantec said the problem was the result of “compatibility issues.”

The update included a new boot file that overwrites the previous edition of the file used by PGP WDE, a Symantec spokeswoman said in a statement to SCMagazineUS.com on Friday. The new file causes user machines to skip a preboot authentication step and results in the disk not being unlocked prior to boot, subsequently preventing the system from booting.

If the update to OS X 10.6.5 has already been made and the machine fails to boot, the data on the machine is not lost, however, Symantec said. 

The company issued a fix for affected users that involves booting into OS X from the PGP recovery CD. WDE users who have not yet applied the OS X update can safely do so by decrypting the system first, then applying the update, then re-encrypting the system. 

“This appears to be the first time Apple has modified boot.efi in a minor update, and Symantec is adjusting test procedures accordingly to help avoid this issue in the future,” Symantec said in a statement. 

However, many users have criticized the encryption provider for failing to warn users about the compatibility issues, especially since test versions of the 10.6.5 update have been available to developers for several months.

The update from Apple fixed approximately 80 vulnerabilities in Mac OS X "Snow Leopard" and dozens of other flaws affecting the Flash Player plug-in.

Many of the vulnerabilities could be exploited by an attacker to run malicious code on a user's system.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.