Techs: Mac “Critical Error” Loop

We recently came across this error, “A critical software update is required for your Mac.” Attempting to install this update would result in another error, “A critical software update is required for your Mac, but an error was encountered while installing this update.”

Unlike some others on the web, we found that simply reinstalling the OS did not resolve the issue. However, booting into safe mode (left shift button while powering on) would work. From there, one can create a Time Machine backup. After we successfully backed up the machine, we went into the recovery console (Apple+R on boot), ERASED the “Macintosh HD” partition and then reinstalled.

This still prompted for the update but we were able to successfully install it. After a fresh install, Migration Assistant loaded the fresh Time Machine backup back onto the machine.

CCleaner Distributing Malware

Summary

On Monday, September 18th, Cisco’s Talos reported that the popular computer cleaning utility, CCleaner, was found to be distributing malware for about the last month.

For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week.

For our managed services customers, we are actively uninstalling CCleaner and running cleanup scans immediately. We highly recommend that anyone who does not have IT managed services actively monitoring and fixing this uninstall CCleaner themselves (or contact us) and then follow up with an antivirus scan, such as Webroot or MalwareBytes.

Impact

At this point it is too early to know what impact the malware has had, if any. No early reports indicate that it was “activated” in a way to cause malicious actions on end computers. However, we expect to learn more over the next few days and may well discover that it has impacted specific organizations.

Technical

Scripting CCleaner Uninstall: http://www.itninja.com/blog/view/how-to-install-run-and-remove-ccleaner-silently-script-in-k1000

Talos Post: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

Piriform’s announcement: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users