This afternoon, Apple released a background update that accidentally blacklisted their own Ethernet kernel extension. These background updates are generally not user-facing. The system will perform a daily check for these updates and apply them without notification. Users whose systems installed the update, marked as com.apple.pkg.IncompatibleKextConfigData.14U2129 or Incompatible Kernel Extension Configuration Data 3.28.1, on reboot lost their Ethernet adapter’s functionality.
This is a result of Apple’s security processes working to disable kernel extensions Apple deems harmful. Also included in this update was the banishment of spyresoft’s Dockmod which somehow managed to get a kernel extension signed by Apple into production, in conflict with the security guidelines for OS X. This is a concern for a number of reasons, but that’s a matter for another day.
Fortunately, Apple realized their error in a short period of time, and pushed another Incompatible Kernel Extension Configuration Data update which removed the entry for the Ethernet Kernel Extension.
Are you concerned that you might be missing your Ethernet adapter? You can check. From a terminal, run
This will then reveal all the Incompatible Kernel Extension updates. Look for:
If you see both 14U2129 and 14U2130, you are up to date. If you only see 14U2129, you should run the following to get the update from Apple (likely over your Wi-Fi connection):
sudo softwareupdate --background-critical
This will update the background updates and apply them. You may need to reboot to enable the missing kernel extension.
Thanks as always to my fine colleagues Pepijn Bruienne, Rich Trouton, Allister Banks, Mike Lynn, and Ben Toms for contributing advice and code.
Update: Via Patrick Fergus comes an important update: another way to check is to use System Profiler. Look in Software > Installations, “Incompatible Kernel Extension Configuration Data”,
14U2129 = bad,
14U2130 = good,
sudo softwareupdate --background-critical to update to the new version.
Update Two: Via Rich Trouton, a longer, more detailed examination of the issue. Still not sure how this one made it out of QA.
Update Three: Via many sources, Apple has provided a technote for those who were affected. In addition, Rosyna Keller has posited a reasonable theorem for why this happened: this was supposed to be released after the upcoming release of 10.11.4, which could contain a security patch for the Apple Ethernet Kernel Extensions that were blocked yesterday. Kernel Extensions are blocked based on name and version identifier. If the Kernel Extensions were revised upward – say, for a security release – then it’s very possible that this is the reason things were done.
What remains to be seen is why they released this change now as opposed to after 10.11.4 shipped and had been in the field for some time. Given the catastrophic affect on systems, though, it’s possible this was just an intern with a faulty commit button that wasn’t caught. Neither make me feel warm and fuzzy about the state of software coming from Apple.