Welcome back! Hope you had a good vacation break.
While the news was slower than usual, a lot of great posts accumulated over five weeks, so this is a long news summary. Settle down for some extended reading.
(Sponsor: Mosyle)
The Fusion of Apple MDM, Identity, Patching & Security.
Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.
Click here to learn more!
(I learned that there is a limit to how many links you can add to a single note in Notes.app, which is where I gather the links for this newsletter. In case you are wondering, the limit is 100 links or “attachments” per note.)
The beta process continues. iOS 14 and siblings are now on beta 7. macOS 12 Monterey has stalled on beta5 for a while now. SharePlay has been pushed to a later update release. iCloud Private Relay will start with as a public beta in the fall. We also got some security updates for Big Sur, 11.5.1 and 11.5.2.
In case you missed it: I published an excerpt of my upcoming book “Scripting macOS” on my weblog as a series of posts over the break. You can catch up by starting at the first part: “First Script” (There will be one more installment next week.)
If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)
News and Opinion
- Acronis integrates with Jamf, expanding support for service providers handling macOS clients
- A very* scientific poll about deploying third party macOS apps – Dr. Emily Kausalik
- Child Safety – Apple (FAQ PDF)
- Apple’s search for child abuse imagery raises serious privacy questions – Thomas Reed
- Feedback Request: Tell Apple to Expand IDPs for Managed Apple IDs – Tom Bridge
macOS 12 Monterey and iOS 15
- Apple Will Continue Releasing Security Updates for iOS 14 After iOS 15 Ships This Fall – John Gruber
- 7 new security features Apple quietly announced at WWDC – Carly Page, TechCrunch
- What’s New with Xcode 13 Notarization – Sasmito Adibowo
- Why are Big Sur updates so large? – Howard Oakley
- Hello Big Sur! See ya later Monterey – DAM SAN
- Which of Monterey’s features can your Mac use? A reference table – Howard Oakley
- Shortcuts in Monterey Beta 5 – John C. Welch
macOS and iOS Updates
- macOS Big Sur 11.5.1 Update (20G80) is Live! What’s New? – Mr Macintosh
- What has changed in macOS 11.5.2? – Howard Oakley
MacAdmins on Twitter
- Ryan Moon: “TIL about “Allow full disk access for remote users” and that solved the mystery of why I couldn’t access folders via SSH. A sneaky add to 11.5 that I hadn’t heard about previously.” (Image)
- Ben Bajarin: “I have long held an Apple Mac in the enterprise growth story. Apple has slowly chipped away at barriers around deploying and managing Macs in the enterprise. With M1 Macs, Apple is better positioned than ever to grow Mac enterprise share.” (Thread)
- Csaba Fitzl: “The most useful feature I learned this month: CMD+K in Terminal clears everything, including all output, it’s like opening a fresh, new shell.”
- mikeymikey: “If you’re having RSA SecureID issues, please contact RSA via support contract & let them know their QtCore 5 bundled framework inside stauto32.framework is verifying a signature chain in QtCore.cire that passes through a Symantec CA- they need to update it” (Thread)
Security and Privacy
- CVE-2021-1879 zero-day exploit affecting Webkit – Ferdous Saljooki
- OSX.XLoader hides little except its main purpose: What we learned in the installation process – Thomas Reed, Malwarebytes Labs
- Detecting XLoader, A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger – Phil Stokes, SentinelOne
- Beyond the good ol’ LaunchAgents – 19 – Periodic Scripts – Csaba Fitzl
- Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect – Phil Stokes, SentinelLabs
- macOS 11’s hidden security improvements – T. Student(?), Malwarebytes Labs
- Codesigning, untrusted certificate authorities and why certain apps aren’t launching – Rich Trouton
Support and HowTos
- Monitoring Startup Security settings on Apple Silicon Macs – Rich Trouton
- Protect Your Data: Control What Users Can Copy/Paste – Kandji Blog
- Packaging a SAP GUI installer application for macOS – Rich Trouton
- How to Configure Jamf Connect with Microsoft Azure – HCS Technology Group
- New way to support users with Jamf Pro and TeamViewer – Sam Weiss, Jamf Blog
- What is Title Editor? – Justin Clark, Jamf Blog
- Knowing what not to back up, and how – Howard Oakley
- Downloading and installing macOS Big Sur via macOS Recovery’s Terminal – Rich Trouton
- Basic configuration of Jamf Pro 10.31 and TeamViewer – Travelling Tech Guy
- IT & Ops Data with Snowflake Part III – Thomas Lark
- Hosting Munki in an S3 bucket from Wasabi – Adam Anklewicz
- Updating Big Sur on Shared Macs – Anthony Reimer
- Deploying Mobile Device Apps to Apple Silicon Macs with Jamf Pro – Graham Pugh
- EAP-TLS on macOS 11 – Twocanoes Software
- How to create a bootable external disk in macOS 11 or 12 – Howard Oakley
- Do you want to build a Thunder SAN? – DAM SAN
Scripting and Automation
- myspaghetti/macos-virtualbox: Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox for Windows, Linux, and macOS
- Signing AutoPkg-built packages using a .sign recipe – Rich Trouton
- Simplifying pkg recipes with AppPkgCreator – Elliot Jordan
- Positioning a window in macOS – Alexis Bridoux
- guillaumegete/dmg2pkg: Make DMG from PKG
- Logic Pro scripty bits: tracking current Input device – Charles Edge
- Programmatically logout a user in Swift – Alexis Bridoux
- Allow standard users to manage printers with a Munki NoPkg – Kevin M. Cox
- Troubleshooting “zsh: operation not permitted” – Alan Siu
- Piping stdout and stderr to Preview – Erica Sadun
- twocanoes / keychain-detective: command line tool to print keychain acls
- Trusting Certificates in System Keychain without Prompting – Twocanoes Software
- Remotely gathering sysdiagnose files and uploading them to S3 – Rich Trouton
- Using diskutil to find secure token users on a Mac – Alan Siu
- Automating automatic login for macOS – brunerd
- Using the Jamf Pro API to report on which Macs are assigned to a particular person – Rich Trouton
Apple Support
- If you can’t use MDM to install kernel extension policies or software updates on a Mac with Apple silicon
- ‘You do not have permission to open the application’ when using a scanner on Mac
Updates and Releases
- Jamf Pro 10.31
- Teradici Announces Availability of Industry’s First High-Performance Remote Access Software for the Mac
- Parallels Desktop 17 for Mac (can virtualize macOS 12 Monterey beta, running on macOS 12 Monterey beta)
- Installomator v0.7b1 – Prerelease
- TestFlight 3.2 beta – Apple Developer
- Introducing Enhancements to Automated Device Enrollment – Kandji Blog
- Nudge 1.1.0
To Listen
I will only link to those podcasts that I found most interesting over the past few weeks. Please lookup all missed episodes in your favored podcast application or on their websites.
- Suspicious Apparencies – Mac Admins Podcast (fits my recent post on Suspicious Package power user features)
- I Do Declare, with Apple – Mac Admins Podcast
- The past, present, and future of Apple device management with Jeremy Butcher from Apple – Apple @ Work Podcast, 9to5Mac
Just for Fun
Support
If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!