Latest Mac OS X update locks out some PGP users

Share this article:

A massive security update from Apple this week fixed more than 130 security flaws in its Mac OS X operating system, but it left users of PGP's Whole Disk Encryption (WDE) product unable to reboot their computers.

PGP users first started noting problems about the update, Mac OS X 10.6.5, shortly after it was released on Wednesday.

Symantec, which now owns PGP, first issued an alert about the issue on Wednesday, warning PGP WDE users to not apply the update. Symantec said the problem was the result of “compatibility issues.”

The update included a new boot file that overwrites the previous edition of the file used by PGP WDE, a Symantec spokeswoman said in a statement to SCMagazineUS.com on Friday. The new file causes user machines to skip a preboot authentication step and results in the disk not being unlocked prior to boot, subsequently preventing the system from booting.

If the update to OS X 10.6.5 has already been made and the machine fails to boot, the data on the machine is not lost, however, Symantec said. 

The company issued a fix for affected users that involves booting into OS X from the PGP recovery CD. WDE users who have not yet applied the OS X update can safely do so by decrypting the system first, then applying the update, then re-encrypting the system. 

“This appears to be the first time Apple has modified boot.efi in a minor update, and Symantec is adjusting test procedures accordingly to help avoid this issue in the future,” Symantec said in a statement. 

However, many users have criticized the encryption provider for failing to warn users about the compatibility issues, especially since test versions of the 10.6.5 update have been available to developers for several months.

The update from Apple fixed approximately 80 vulnerabilities in Mac OS X "Snow Leopard" and dozens of other flaws affecting the Flash Player plug-in.

Many of the vulnerabilities could be exploited by an attacker to run malicious code on a user's system.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.