Weekly News Summary for Admins — 2023-05-05

WWDC starts in one month. Do you feel that you and macOS Ventura are ready for the next version of macOS?

(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

This week Apple published the first Rapid Security Response (RSR) for macOS, iOS, and iPadOS. Even though RSRs were tested during the beta phase, there were some hiccups. Overall, the actual release seems to have gone as planned by Apple.

The reception in the MacAdmins community was… not enthusiastic.

The support article for the RSR contains no information on which software or CVEs was patched and the Apple security updates page has no entry for the RSR either. It is not unprecedented or even unusual for security documentation to be published or amended after the release of updates. Since the point of RSRs is to be released quickly, there might still be embargoes in place, CVEs might not even exist, or documentation simply takes second priority. We should expect to see documentation with the release of the macOS 13.4 and iOS 16.5 updates, which will include the issues fixed in the RSR. (It would be nice if Apple pointed out which were fixed in the RSR.)

Because they can be removed, RSRs introduce a new “extra” addition to the version number. This one is 13.3.1 (a). Even though RSRs were announced at WWDC and could be tested during the beta phase, not all management systems, security and monitoring tools are ready to gather the information. Even when your tools are ready, most admins have not yet adjusted or even prepared their workflows for this new piece of information.

There are also (of course) some issues with the management of RSRs. Configuration profiles and MDM commands don’t quite work as advertised. Tools that exist to work around the many shortcomings of the software update workflow will need to be adapted to incorporate RSRs

For a change, Apple announced this well ahead of time. But then, why are (some) MacAdmins still reacting with so much frustration?

I believe, there was some expectation that RSRs might be a fix, or at least a bandaid, for macOS software update. It was implied they wouldn’t require reboots, but most will. You cannot update directly from an older version of macOS to the RSR version, so a user may need two successive installations and reboots to get ‘fully patched.’

Instead of replacing (security) updates, it now looks as if RSRs will happen in addition to the traditional update cycle, increasing the number of updates users and admins have to manage.

RSRs do not solve any of the multitude of issues prevalent with software update. Whether that hope was overly optimistic, misguided, or misinformed, MacAdmins were hoping for some relief with managing software updates. Instead, we are now are facing yet another thing to manage; more and new workflows to build, fix, and adapt.

The burden was increased, rather than reduced. The lack of detailed information, even though it has good reasons, obscures their benefit. We can’t even tell why we have to do this, except for a nebulous “trust us, this is important!”

At Apple, the rollout of RSRs might justifiably be considered a success. They solve a problem they had internally that kept them from responding swiftly to security issues. RSRs improve the overall security of the platforms, which is something Apple obviously and correctly cares about. You have to appreciate that.

This mismatch in the requirements and expectations from the MacAdmins community and Apple isn’t new and there will always be friction here. Nevertheless, Apple needs to directly address the issues with software update in a way that does not increase the workload of users and MacAdmins.

Maybe at WWDC? (ever the optimist)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

macOS and iOS Updates and Responses

念Social Media

  • Pepijn Bruienne: “It’s not an industry-first for a patch mechanism like RapidSecurityResponse to fire without having a CVE on hand.”
  • Tom Bridge: “I’m gonna rant for just a minute. As IT Professionals, we have to deal with risk and insufficient information a lot. I need you to understand: you cannot eliminate risk, and you cannot know everything. What you can do, though, is be prepared and be paying attention.”
  • Jason Broccardo: “TIL that passkeys won’t sync across OSes”

Security and Privacy

Support and HowTos

烙Scripting and Automation

Apple Support

♻️Updates and Releases

To Listen


If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Published by


Mac Admin, Consultant, and Author