Home > Mac administration, Mac OS X, System Integrity Protection > Apple security update blocks Apple Ethernet drivers on OS X El Capitan

Apple security update blocks Apple Ethernet drivers on OS X El Capitan

Over the weekend, Apple released an update for a kernel extension blacklist used by System Integrity Protection on OS X El Capitan. This blacklist is a security measure to help Apple block kernel extensions which have been found to be harmful or problematic for OS X. This update belonged to a category of updates which Apple has set to install automatically and in the background, so its installation would have been both automatic and invisible.

Unfortunately, this blacklist update appears to have inadvertently contained the kernel extension information for Apple’s own Ethernet drivers. This is a problem because blocking the Ethernet drivers means your Mac will not be able to connect to your network via an Ethernet connection.

Apple appears to have quickly recognized the problem and has released a follow-up update which fixes this issue.


Update – 10-28-2016: Apple has posted a knowledgebase article about this issue: https://support.apple.com/HT6672


The good news:

  1. This issue does not affect your Mac’s WiFi connection. WiFi has separate drivers which were not affected.
  2. If the Ethernet drivers are blocked, but the Mac has not yet rebooted, your Ethernet connection will remain working until the next time the Mac reboots.
  3. The follow-up update which fixes the problem may already be installed on your Mac.

For more information, see below the jump.

To see if you have the problem update installed, use the procedures below:

Checking via the System Information application:

1. Open the System Information application in /Applications/Utilities

Screen Shot 2016 02 27 at 10 25 29 PM

2. Go to the Software: Installations section and search for the following entries:

Incompatible Kernel Extension Configuration Data 3.28.1 – This contains the blacklist update which blocks Apple’s Ethernet driver software

Screen Shot 2016 02 27 at 9 44 14 PM

Incompatible Kernel Extension Configuration Data 3.28.2 – This contains the follow-up update which removes Apple’s Ethernet driver software from the blacklist.

Screen Shot 2016 02 27 at 9 41 21 PM

Checking via the command line:

1. Open Terminal
2. Run the following command:

cat /var/log/install.log | grep com.apple.pkg.IncompatibleKextConfigData.14U2129

If you get a result like this, the Incompatible Kernel Extension Configuration Data 3.28.1 update was installed:

Feb 26 22:02:45 computername system_installd[14244]: PackageKit: Writing system content receipt for com.apple.pkg.IncompatibleKextConfigData.14U2129 to /

3. Next, run the following command to see if the Incompatible Kernel Extension Configuration Data 3.28.2 update which fixes this issue was also installed:

cat /var/log/install.log | grep com.apple.pkg.IncompatibleKextConfigData.14U2130

If you get a result like this, the follow-up Incompatible Kernel Extension Configuration Data 3.28.2 update that fixes the problem was installed:

Feb 27 20:28:23 computername system_installd[527]: PackageKit: Writing system content receipt for com.apple.pkg.IncompatibleKextConfigData.14U2130 to /

If you have the Incompatible Kernel Extension Configuration Data 3.28.1 update installed, but do not yet have the Incompatible Kernel Extension Configuration Data 3.28.2 update installed, the Ethernet drivers for your Mac will be blocked from running the next time the Mac is restarted. That will result in your Mac not being able to connect to your network via an Ethernet connection.

To fix this, the Incompatible Kernel Extension Configuration Data 3.28.2 update needs to be installed and the Mac rebooted again. After this reboot, the Ethernet drivers should be enabled again and your Mac’s Ethernet connection should work normally again.

To install the Incompatible Kernel Extension Configuration Data 3.28.2 update:

  1. Verify you have a working connection to the Internet
  2. Open Terminal
  3. Run the following command with root privileges:
softwareupdate --background-critical

Screen Shot 2016 02 27 at 10 33 23 PM

Running the softwareupdate –background-critical command forces a check-in with Apple’s software update service and will trigger your Mac to automatically install the Incompatible Kernel Extension Configuration Data 3.28.2 update.

For those interested in checking the affected kernel extension blacklist, it is stored in the following location:

/System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist

When the Incompatible Kernel Extension Configuration Data 3.28.1 update is installed, the /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist file is updated with the following entries, which add Apple’s Ethernet drivers to the kernel extension blacklist:

<key>com.apple.iokit.AppleBCM5701Ethernet</key>
<string>LT 10.2.0</string>
<key>com.apple.iokit.AppleYukon2</key>
<string>LT 4.0.0</string>

Screen Shot 2016 02 27 at 8 17 46 PM

When the Incompatible Kernel Extension Configuration Data 3.28.2 update is installed, those entries are removed:

Screen Shot 2016 02 27 at 8 43 53 PM

  1. February 28, 2016 at 2:10 pm

    Apple’s KBase article about this is here:

    If the Ethernet connection on your Mac stopped working recently
    https://support.apple.com/en-us/HT6672

  2. February 28, 2016 at 5:33 pm

    This just made my day! Had internet issues on Friday but when I got the internet back online display ethernet wasn’t working. Talk about timing I tried everything and then I see this article today!! Thanks.

  3. Geoff
    February 29, 2016 at 2:39 am

    I have Version 3.28.2 but my display ethernet still does not work?
    help…

  4. Geoff
    February 29, 2016 at 2:52 am

    and after a reboot all is now ok again – phew

  5. February 29, 2016 at 3:16 am

    Do you happen to have a copy of 3.28.1? It broke a bunch of third-party software license activation schemes, and it would be really helpful to have a copy when testing potential fixes.

  6. Brian
    February 29, 2016 at 5:23 pm

    Does anyone know if hand installing Incompatible Kernel Extension Configuration Data 3.28.2 (not Incompatible Kernel Extension Configuration Data 3.28.1) on an afflicted Mac and rebooting fixes this? I was able to get this update from a working Software Update server.

  7. steve
    March 5, 2016 at 6:07 pm

    Thank you so much. This article is fantastic.

  8. Brandi
    July 25, 2016 at 4:37 pm

    When I try “softwareupdate –background-critical” I get the message: “Must be run as root to trigger background check”

    Anyone know what this means or how I resolve it?

  9. MaryFF
    July 10, 2017 at 5:26 pm

    I received the same message as Brandi. “Must be run as root to trigger background check”

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: