Open Radar

 
Summary:
The 2015-002 Security Update for Mavericks, when applied, leaves an unhidden mach_kernel in the root of the system volume. Normally this file is expected to have the "hidden" Finder flag, but after applying this update the file is un-hidden, exposing it to users who may attempt to trash the file, not knowing what it is.

If these users have administrative rights they will be able to delete the file once they are prompted by the Finder to enter their credentials.


Steps to Reproduce:
1. Install the latest Security Update 2015-002 on a 10.9.5 system.
2. Verify the update has been installed by checking for software updates in the Mac App Store, and verifying the updated OS X build of 13F1066.


Expected Results:
The mach_kernel file at / would remain hidden.


Actual Results:
The mach_kernel file appears visible in the finder at the root of the system volume.


Version:
10.9.5, 13F1066


Notes:
This has been seen before with system updates to 10.8.

If I compare the installer packages for SecUpd 2015-001 and 2015-002, I notice that one of 001's scripts in the postinstall_actions directory is "hideFiles," which simply calls the included SetFile tool to hide /mach_kernel.

The installer package for 002 has no pre/postinstall_actions at all.

I'm aware that there's a KB article for this at https://support.apple.com/en-us/HT203829. However it still seems odd that the SecUpd2015-002 update has no pre/postinstall actions.


Configuration:
Tested on two systems, each with the previous 2015-001 security update having been applied:

iMac 2013, 10.9.5
VMware Fusion VM, 10.9.5