Category: Weekly News

Wow, what a week!

---

(Sponsor: vast limits)

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.

---

If you think your company or product is a good fit to sponsor this newsletter, please contact me!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

WWDC 2023

WWDC 23 is on and started with an amazing keynote. When they introduce three new Mac models, including the new Apple silicon based Mac Pro in the first 20 minutes, then you know it’s going to be in for quite ride. After 80 minutes, there was a moment where it wasn’t quite certain there was going to be a “One more thing…” and I thought I would have been happy if they had stopped there. New Macs, Apple silicon transition completed, many good new features for macOS, iOS, and watchOS.

But they didn’t stop and introduced the ‘Vision Pro,’ which is neither a ‘VR’ nor a ‘AR headset’, but a ‘spatial computer’ with a ‘spatial operating system.’ Whatever Apple calls it, this was the preview, mainly for the developers and it will not be available until next year and even then only in the US, so I will take my time until I make my judgement about this. This opinion is a step up from my former opinion of any VR/AR/spatial computer from Apple (or anyone), which can only be described as ‘indifferent.’

The potential of the Vision Pro and concept of ‘spatial computing’ seems great. The question whether Apple can achieve that potential remains. The price point and limited availability are clear signs that Apple is aware that this platform is maybe ‘not quite ready yet.’ But other platforms, like the Apple TV, iPhone, iPad, Apple Watch, and back in the day, even the Mac and the first PowerBooks took a few years to really find and define their purpose, too.

Sessions for MacAdmins

Apple has released more than 170 sessions for WWDC. Most of those sessions are focused on developers and not people who manage and deploy Macs and other Apple devices. Here is a list of sessions that I think MacAdmins should watch.

• Keynote
• Platforms State of the Union

If you haven’t seen either of these, you really should. They give an excellent overview of what Apple thinks is relevant for the upcoming platforms. You might have other priorities, and that is fair, but getting the overview picture and an impression of where Apple is heading is important.

Don’t miss this

Always a great overview of what is will happen for Mac and iOS management. Covers many topics that don’t quite merit their own session.

• What’s new in managing Apple devices

Business & Education

Apple has a “Business & Education” topic in the developer app. These will be in-depth explanations of some specific new features.

• Explore advances in declarative device management
• Deploy passkeys at work
• Do more with Managed Apple IDs
• Meet device management for Apple Watch (Fri, June 9)

Other interesting sessions

While these sessions will likely be very focused on developer topics, they often contain interesting explanations of how to use and sometimes how to manage these features.

• What’s new in Xcode
• What’s new in web apps
• What’s new in privacy
• Ready, Set, Relay: Protect app traffic with network relays
• Discover Continuity Camera for tvOS

And now, on to the news…

Apple devices

• Apple Vision Pro
• MacBook Air 15-inch with M2
• Mac Studio with M2 Max and Ultra
• Mac Pro with M2 Ultra

macOS Sonoma and iOS 17

• macOS Sonoma Preview
• iOS 17 Preview
• iPadOS 17 Preview
• watchOS 10 Preview
• WebKit Features in Safari 17 beta – WebKit Blog
• What’s new in Apple platform deployment (Document revision history)

Community

• Apple platform deployment: Accessing the latest version when your locale is neither en-ca or en-us – Ben Toms
• macOS 14 Sonoma support – Howard Oakley
• iOS 17 lets us use Shortcuts to get Wi-Fi information – #WiFi
• macOS Sonoma Full Installer Database – Mr. Macintosh
• laurentpertois/Sonoma-Compatibility-Checker
• WWDC 2023 Links – Michael Tsai
• Apple Makes Developer Betas Free to Download and Install – Juli Clover, MacRumors
• All the features Apple didn’t mention in its WWDC 2023 keynote – Wes Davis, The Verge
• WWDC 2023 notes – Rich Trouton
• macOS 14 Sonoma: Toughening up macOS for the Enterprise? – Phil Stokes, SentinelOne
• Apple WWDC 2023: The Future of Apple Device Management – Kandji Blog
• Platform enhancements to help Apple win the enterprise – Michael Devins, Jamf Blog
• Vision Pro Redux – John C. Welch
• How to run a macOS beta on Apple silicon – Howard Oakley

News and Opinion

• Mac Admins Foundation Announces Recipients of Community and Conference Grant – Tom Bridge, MacAdmins.org
• Being an Ally in the Office – Pam Lefkowitz, Radical Admin Blog, Jumpcloud

Social Media

• mikeymikey: “open 'x-apple.systempreferences:com.apple.Software-Update-Settings.extension?action=showBetaUpdates'” (Thread)

Security and Privacy

• Guide for Apple IT: Security Features Built into macOS – David Larrea, Kandji Blog

Support and HowTos

• Make Your Presentation Move – Will Smith, Jamf Tech Thoughts
• Moving Munki Middleware to the Cloud – Jacob Burley

Scripting and Automation

• Cache Me Out 1.0 – HCS Technology Group

Apple Support

• Use more than one version of macOS on a Mac (Not new, but relevant)

Updates and Releases

• Jamf Compliance Editor 1.1.5
• erase-install 29.2
• kmfddm v0.3.0
• Jamf Connect 2.24.0
• swiftDialog v2.2.1
• Mist 0.7
• iMazing 2.17 + Sneak Peek at 3

To Listen

• MacAD.UK Panel 2023 – Mac Admins Podcast
• Interview With Jason Dettbarn, Founder & CEO of Addigy – Command-Control-Power
• Hey let’s get ready for MacDevOps – MacDevOpsYVR
• Flashcast 11: WWDC 2023 – Mac Admins Podcast

Just for Fun

• Saltern by Night – Basic Apple Guy

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Less than two weeks until WWDC. The keynote will be on June 5, as usual at 10am PDT.

---

(Sponsor: vast limits)

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Focus

• 20 years of Der Flounder – Rich Trouton

Running any blog for twenty years is an amazing achievement, let alone one that has had so much positive impact on the MacAdmins community. DerFlounder was one of the inspirations for me to start my own blog, a mere 12.5 years ago. Congratulations, Rich!

News and Opinion

• Level Up Security Knowledge with Jamf 170 – kschuler, Jamf Tech Thoughts
• Old Macs and Activation Lock – Michael Tsai
• Time: a Social Construct? Part 2 – Pam Lefkowitz, Radical Admin Blog, JumpCloud

Security and Privacy

• What if we had the SockPuppet vulnerability in iOS 16? – Apple Security Research

Support and HowTos

• Are macOS updates getting larger? – Howard Oakley
• Downloading installer packages from Jamf Pro when no other options are available – Rich Trouton
• Detecting LLM-Generated Code – Charles Edge

Scripting and Automation

• PowerShell for the Mac Admin, Part 6: Get in. Get out. Quit messing about – Charles Mangin, Radical Admin Blog, JumpCloud
• App Auto-Patch – Rob J. Schroeder

Apple Support

• Use Apple products on enterprise networks (Update)

Updates and Releases

• swiftDialog 2.2
• MDS5 (Video)
• Addigy’s New MDM Watchdog Utility: How to Resolve MDM Issues with macOS – Addigy
• Setup Your Mac (1.11.0) (Blog post)

To Watch

• XCredsWithAD – Twocanoes, YouTube
• May 2023, MacAdmins Meeting Archived Presentations and Slides Online – Marriott Library, Apple Infrastructure

To Listen

• Peter Borg – Mac Admins Podcast
• Do that Hudu that you do so well — Command-Control-Power
• Bridging the SaaS app security gap on macOS – Apple @ Work Podcast, 9to5Mac
• Identity crisis featuring Alec Muffett – Lock and Code, Malwarebytes Labs

Just for Fun

• Mac OS X Rancho Cucamonga – Basic Apple Guy

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Release week! We got the macOS 13.4, iOS 16.5 updates (and the other platforms, too, of course). It wasn’t released until yesterday, with another round of release candidates earlier this week. As usual, you can find all the relevant links in this summary.

---

(Sponsor: vast limits)

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.

---

In the run-up to WWDC, Apple has has published information on future accessibility features, a new concert discovery feature in Music and Maps, and an update on fraud in the AppStore.

WWDC is not the only conference coming up. MacAD.uk in Brighton, UK is next week. MacDevOps YVR will be in Vancouver, Canada, later in June and PSU MacAdmins Conference in July. After the summer we will have JamfNation User Conference in Austin, Texas in September and MacSysAdmin in Göteborg, Sweden in October.

The MacAdmins Foundation has established a new grant for conference attendance for those who cannot otherwise attend. The deadline for applications is May 28. You will find details on their page.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Focus

• Apply now for the 2023 Community and Conference Grant – MacAdmins.org

macOS Ventura 13.4 and iOS 16.5

macOS

• macOS Ventura 13.4 (22F66): About, Enterprise, Developer Release Notes, Security
• macOS Monterey 12.6.6 (21G646): Security
• macOS Big Sur 11.7.7 (20G1345): Security

iOS and iPadOS

• iOS 16.5: About, Enterprise
• iPadOS 16.5: About, Enterprise
• iOS and iPadOS 16.4: Developer Release Notes, Security
• iOS and iPadOS 15.7.6: Security

Other Platforms

• watchOS 9.5: About, Security
• tvOS 16.5: About, Guide, Developer Release Notes, Security
• HomePod Software 16.4: About

Applications

• Xcode 14.3.1RC: Developer Downloads, Developer Release Notes
• Safari 16.5: Blog post, Developer Release Notes, Security
• Shortcuts: What’s new

Guides

• Apple Platform Certifications: Welcome, Document revision history

Community

• macOS Ventura 13.4 Update (22F66) What’s New? RIP seedutil… – Mr. Macintosh
• Apple has released updates to Ventura 13.4, Monterey 12.6.6 and Big Sur 11.7.7 – Howard Oakley
• Goodbye seedutil, hello Apple IDs – Nathaniel Strauss
• A look at how Apple is sharing RSR information in rollup security updates – Dr. K

Social Media

• Craig Hockenberry: “To disable movie, PDF, and other useless previews, but still maintain the image on the icon, use this from Terminal: $ defaults write com.apple.finder QLInlinePreviewMinimumSupportedSize -int 512 Then relaunch the Finder.”

Support and HowTos

• Git, Github, and Version Control: What Apple Admins Need to Know – Matt Wilson, Kandji Blog
• When your Mac can’t get to the login window – Howard Oakley
• Setting user-level global preferences in a macOS configuration profile – Rich Trouton

Scripting and Automation

• chrisgzim/swiftDialog-Jamf-Protect-Template
• PrivilegesDemoter v3.0 – Mostly Mac

Apple Support

• Bug Reporting – Apple Developer

Updates and Releases

• outset 4.0.1
• super v3.0-RC1
• Setup Your Mac (1.10.1-rc1)

To Watch

• Exploring AI for IT scripting – William Smith, Jamf

To Listen

• Just Us – Mac Admins Podcast
• JumpCloud simplifies Google Workspace deployments – Apple @ Work Podcast, 9to5Mac

Just for Fun

• Coding with Character – Doug Wilson
• Introducing the 2023 Automation April Shortcuts Contest Winners – John Voorhees, MacStories

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

This is the time of the year where Apple makes the announcements that didn’t fit in the WWDC Keynote anymore. This week they announced iPad versions of Final Cut Pro and Logic Pro which will be released next week, probably coinciding with the releases of iOS/iPadOS 16.5 and macOS 13.4.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

Apple also released release candidates for those updates this week (two of them). This will be the last update of iOS 16/macOS 13 before we get the betas of the next major releases at WWDC in June. There usually are two more minor updates before the release of the next major versions in the Fall, but those rarely add major changes.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Apple brings Final Cut Pro and Logic Pro to iPad – Apple
• Getting That Recognition – Pam Lefkowitz, Radical Admin Blog, JumpCloud
• MacAdmins Slack: a highly opinionated guide (2023) – Armin Briegel

🦣Social Media

• Ricky Mondello: “Passkeys will be importable and exportable, cross-device, and across passkey managers. They aren’t at this time, but they will be. It’s something that’s being defined and designed.”
• Timothy Perfitt: “Adding in an interesting feature to XCreds 3. When you lock the screen, it will automatically Fast User switch to the login window, keeping the session active but requiring a cloud login. This means that the IdP (like Azure) can log the login and do conditional access on it as well.”

🔐Security and Privacy

• Beyond the good ol’ LaunchAgents 30: The man config file – Csaba Fitzl

🔨Support and HowTos

• Uninstalling Workspace ONE Intelligent Hub with Munki – Kevin M. Cox
• User notifications for Cisco Secure Client migrations – Fraser Hess
• How to Configure Local Administrator Password Solution (LAPS) in Jamf Pro – HCS Technology Group
• Mac Shell Scripts: Tips for Apple Admins – Kandji Blog
• Letting Go: How to offboard in a BYO environment – Chris Hafner, Jamf Tech Thoughts
• How to Securely Manage Local Admin Passwords with Jamf Pro and LAPS – William Smith, Jamf Tech Thoughts

🤖Scripting and Automation

• Jamf Get LAPS Password (Bookmarklet) – Bilal Habib

🍏Apple Support

• Personal Safety User Guide (updated)

♻️Updates and Releases

• red5coder/Jamf-LAPS: App to interact with the new LAPS service in Jamf Pro
• Setup Your Mac (1.10.0) (Blog Post, also 1.11.0-b3)
• Outset 4.0.21874 (full release!)
• MicroMDM 1.11
• jessepeterson/kmfddm v0.2.0 (via Jesse Peterson)
• XCreds 3.0

📺To Watch

• MacAdmin Monthly, 2023-05-09 (via Mat X)
• April 2023: MacAdmins Meeting Archived Presentations and Slides Online – Marriott Library, Apple Infrastructure |

🎧To Listen

• All About Fonts with Glenn Kowalski – Mac Admins Podcast
• Kandji launches its new EDR product for Apple enterprises – Apple @ Work Podcast, 9to5Mac
• Can You Make The Beeping Stop? – Command-Control-Power
• The rise of “Franken-ransomware,” with Allan Liska – Lock and Code, Malwarebytes Labs

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

WWDC starts in one month. Do you feel that you and macOS Ventura are ready for the next version of macOS?

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

This week Apple published the first Rapid Security Response (RSR) for macOS, iOS, and iPadOS. Even though RSRs were tested during the beta phase, there were some hiccups. Overall, the actual release seems to have gone as planned by Apple.

The reception in the MacAdmins community was… not enthusiastic.

The support article for the RSR contains no information on which software or CVEs was patched and the Apple security updates page has no entry for the RSR either. It is not unprecedented or even unusual for security documentation to be published or amended after the release of updates. Since the point of RSRs is to be released quickly, there might still be embargoes in place, CVEs might not even exist, or documentation simply takes second priority. We should expect to see documentation with the release of the macOS 13.4 and iOS 16.5 updates, which will include the issues fixed in the RSR. (It would be nice if Apple pointed out which were fixed in the RSR.)

Because they can be removed, RSRs introduce a new “extra” addition to the version number. This one is 13.3.1 (a). Even though RSRs were announced at WWDC and could be tested during the beta phase, not all management systems, security and monitoring tools are ready to gather the information. Even when your tools are ready, most admins have not yet adjusted or even prepared their workflows for this new piece of information.

There are also (of course) some issues with the management of RSRs. Configuration profiles and MDM commands don’t quite work as advertised. Tools that exist to work around the many shortcomings of the software update workflow will need to be adapted to incorporate RSRs

For a change, Apple announced this well ahead of time. But then, why are (some) MacAdmins still reacting with so much frustration?

I believe, there was some expectation that RSRs might be a fix, or at least a bandaid, for macOS software update. It was implied they wouldn’t require reboots, but most will. You cannot update directly from an older version of macOS to the RSR version, so a user may need two successive installations and reboots to get ‘fully patched.’

Instead of replacing (security) updates, it now looks as if RSRs will happen in addition to the traditional update cycle, increasing the number of updates users and admins have to manage.

RSRs do not solve any of the multitude of issues prevalent with software update. Whether that hope was overly optimistic, misguided, or misinformed, MacAdmins were hoping for some relief with managing software updates. Instead, we are now are facing yet another thing to manage; more and new workflows to build, fix, and adapt.

The burden was increased, rather than reduced. The lack of detailed information, even though it has good reasons, obscures their benefit. We can’t even tell why we have to do this, except for a nebulous “trust us, this is important!”

At Apple, the rollout of RSRs might justifiably be considered a success. They solve a problem they had internally that kept them from responding swiftly to security issues. RSRs improve the overall security of the platforms, which is something Apple obviously and correctly cares about. You have to appreciate that.

This mismatch in the requirements and expectations from the MacAdmins community and Apple isn’t new and there will always be friction here. Nevertheless, Apple needs to directly address the issues with software update in a way that does not increase the workload of users and MacAdmins.

Maybe at WWDC? (ever the optimist)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

macOS and iOS Updates and Responses

• About Rapid Security Responses for iOS, iPadOS, and macOS – Apple Support
• Three ways to determine if macOS Rapid Security Response updates have been installed on your fleet – macOS Adventures
• Apple has just released the first Rapid Security Response for Ventura – Howard Oakley
• What is a Rapid Security Response (RSR)? – Howard Oakley
• Using Munki to “nudge” for Rapid Security Response updates (like 13.3.1 (a)) – Alan Siu

念Social Media

• Pepijn Bruienne: “It’s not an industry-first for a patch mechanism like RapidSecurityResponse to fire without having a CVE on hand.”
• Tom Bridge: “I’m gonna rant for just a minute. As IT Professionals, we have to deal with risk and insufficient information a lot. I need you to understand: you cannot eliminate risk, and you cannot know everything. What you can do, though, is be prepared and be paying attention.”
• Jason Broccardo: “TIL that passkeys won’t sync across OSes”

Security and Privacy

• Atomic Stealer: Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram – Phil Stokes, SentinelOne
• The beginning of the end of the password – Christaan Brand, Sriram Karra, Google
• Passwordless Google accounts are here – Ron Amadeo, Ars Technica
• The one and only password tip you need – Mark Stockley, Malwarebytes Labs

Support and HowTos

• Proper Packaging Principles – Nate Felton
• Using Okta with OIDC/ROPG with Jamf Connect – Sean Rabitt, Jamf Tech Thoughts
• Jamf Pro LAPS – Skartek
• Using an Elgato Game Capture HD60 S+ to record movies from a test Mac – Dr. K
• Deep dive into the various types of Mac apps – Braden Newell, Jamf Blog
• PowerShell for the Mac Admin, Part 5: Pivot – Charles Mangin, Radical Admin Blog, JumpCloud

烙Scripting and Automation

• Using Script2Pkg to create payload-free installer packages – Rich Trouton GitHub
• Software Updates, Bonus Round: SWU Bugged Fact – Sudoade
• Sdelsaz/PIN-for-Admin: equest temporary admin privileges with a PIN
• Managed Apple ID Pre-work: Determining Impacted Users – Dan K. Snelson

Apple Support

• AirPods Firmware 5E135
• Security content Beats firmware update 5B66

♻️Updates and Releases

• App Catalog (April 2023)
• Munki 6.3.1
• swiftDialog 2.2 Preview 2
• Baseline v1.2beta1
• super v3.0-b12
• Setup Your Mac 1.10.0-rc29

To Listen

• All about Jamf’s spring release – Apple @ Work Podcast, 9to5Mac
• The Fix Is In – Command-Control-Power
• NanoMDM – Mac Admins Podcast

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Another fairly quiet week. I expect more news as WWDC approaches.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• 2023 Jamf Spring Event Recap – Jamf Blog
• Shifting from Device-Centric to Identity-Centric – JC-Chris Tate, Radical Admin Blog, JumpCloud
• Is a Promotion Right For Me? – Pam Lefkowitz, Radical Admin Blog, JumpCloud

🔐Security and Privacy

• macOS’ Rapid Security Response: Designed into a Corner – Mykola Grymalyuk
• VMware fixes critical zero-day exploit chain used at Pwn2Own – Sergiu Gatlan, BleepingComputer
• CVE-2023-23525: Get Root via A Fake Installer – Mickey Jin
• New Atomic macOS info-stealing malware targets 50 crypto wallets – Bill Toulas, BleepingComputer
• LockBit for Mac: How Real is the Risk of macOS Ransomware? – Phil Stokes, SentinelOne

🔨Support and HowTos

• Should you remove duplicate files? – Howard Oakley
• Microsoft Enterprise SSO plug-in for Apple devices – Microsoft Learn (via Pepijn Bruienne)
• Migrating to Cisco Secure Client 5 – Fraser Hess
• The four types of Safari extension – Jeff Johnson
• Setup Device Compliance with Jamf and Intune – Ericson Tech
• Licensing Omni Apps for Managed Devices – The Omni Group

🤖Scripting and Automation

• Using Shortcuts on macOS to create powerful multi-step actions for Stream Deck – Dr. K, ModTitan
• Secure token and bootstrap token in a user-less environment – Fabien Conus
• Demote on Login with SAP Privileges – Samuel Mills
• Extracting icons from Assets.car on macOS – Alan Siu
• Intro to JAWA – Your Automation Buddy – The Geeky Gordo
• Clean up your packages in Jamf Pro automatically with JamfPackageCleaner – Graham R. Pugh
• kylejericson/Jamf-LAPS-Bootstrapper: A simple tool to get the LAPS password from a Mac enrolled in Jamf Pro
• Tiny hex and binary converters in swift, go, python, && javascript – Charles Edge
• Small Go Script To Send Some JSON To An Endpoint – Charles Edge
• Setup Your Mac: Spring ‘23 Survey – Dan K. Snelson
• Upgrading SYM – Dan K. Snelson

🍏Apple Support

• TN3147: Migrating to the latest notarization tool – Apple Developer Documentation

♻️Updates and Releases

• iMazing Profile Editor 1.7.0
• Jamf Pro 10.46: Release Notes, Video
• swiftDialog 2.2 Preview 1
• Setup Your Mac 1.10.0-rc24
• The identity problem in K-12 is solved with Clever – 9to5Mac, Apple @ Work Podcast

🎧To Listen

• Selina Ali – Mac Admins Podcast
• Jamf Trust Employee Badge with Jamf and SwiftConnect – Jamf After Dark
• Pricing Your Device Management Stack – Command-Control-Power
• Removing the human: When should AI be used in emotional crisis? – Lock and Code, MalwarebytesLabs

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

For change, this was a week without an update, security or otherwise. MacAdmins have still been busy doing and sharing their research. Thank you all so very much for all the great articles.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Two years at Jamf – Dr. K

🦣Social Media

• Graham Gilbert on Mastodon: “This week my team was discussing ways to make it less painful on users to keep our macOS fleet up to date. They’re rightly fed up with the backlash every time we need to enforce an update. But guess what? macOS is our second largest platform. We do not get any complaints from our Chrome OS or Windows users. The update stories on those platforms simply work. This shouldn’t be on IT professionals to solve. Apple is failing its customers in not providing adequate tools to keep them secure.”
• MacAdmins Conference: “2023 MacAdmins Conference – Workshops announced! Registration is now OPEN!“

🔐Security and Privacy

• Apple’s Macs Have Long Escaped Ransomware. That May Be Changing – Lily Hat Newman, Wired
• LockBit ransomware on Mac: Should we worry? Jovi Umawing, Malwarebytes Labs
• Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains –  Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, and Ron Deibert, The Citizen Lab
• Enhance your security posture with Jamf Pro Device Compliance and Jamf Protect – Thijs Xhaflaire, Jamf Tech Thoughts
• The Web of Connections with iOS 16.4.1 – Jamf Threat Labs

🔨Support and HowTos

• How to Resolve Managed Apple ID Conflicts – HCS Technology Group
• “I love SQL” and other lies you tell yourself – Mat X
• Lockdown Mode in iOS 16.4 Breaks Web Forms – Michael Tsai

🤖Scripting and Automation

• Using the plutil command line tool to work with JSON on macOS Monterey and later – Rich Trouton
• “rosetter” is a shell/CLI tool to enable (or disable) opening apps using Rosetta
• A list of programming playgrounds – Julia Evans
• Trigger Jamf Pro Policy at Login or Reboot – Dan K. Snelson
• Use AutoPkg to install applications into the User Applications folder – Graham R Pugh
• PowerShell for the Mac Admin, Part 4: Blue Canary in the Outlet By the Light Switch – Charles Mangin, Radical Admin Blog

♻️Updates and Releases

• Introducing: Red Canary Mac Monitor
• Jamf Compliance Editor 1.1.3
• Munki 6.3 Official Release
• Setup Your Mac 1.10.0-rc13

📺To Watch

• MacAdmins Meeting, April 2023 – Marriott Library, Apple Infrastructure |

🎧To Listen

• Sean Colins – Mac Admins Podcast

🎈Just for Fun

• macOS + Van Gogh – Basic Apple Guy

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Generally, Friday is a good day for a news summary. But sometimes things happen after. Like last week, where Apple pushed a security update for macOS Ventura and iOS/iPadOS, followed by updates for Big Sur, Ventura, iOS/iPadOS 15, tvOS, Safari, and (maybe?) HomePod, earlier this week.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Fleet introduces MDM – Fleet for osquery
• Still Flogging, Still Dead – John C. Welch
• Staying Relevant – Pam Lefkowitz, Radical Admin Blog

🌼macOS and iOS Updates

• macOS Ventura 13.3 (22E261): About, Security, 12.6.4 (21G531), 11.7.5 (20G1231)
• iOS 16.4.1, iPadOS 16.4.1, Security, iOS and iPadOS 15.7.4
• tvOS 16.4.1
• HomePod Software 16.4.1: No info on “About” or security pages
• Safari 16.4.1
• macOS Ventura 13.3.1 Update (22E261)! Emergency Security Update?
• Apple releases emergency updates for two known-to-be-exploited vulnerabilities – Pieter Arntz, Malwarebytes Labs

🦣Social Media

• Graham R Pugh on mas.to: “AutoPkg+JamfUploader users – you’ll need to update trust on your .jamf recipes: I pushed a change to the JamfPackageUploader processor to allow jcds_mode to function with the new randomised SSO failover URLs introduced in Jamf Pro 10.45.”
• Gary Oldham on LinkedIn: “[…] I’m still reading through [“Make Something Wonderful”], but came across a section that listed (in an email to himself, a frequent Steve practice) his music playlist from 2003, the year that the iTunes Music Store launched. If you’d like to see – and listen to – that playlist, I’ve compiled one on Apple Music.“
• Graham R Pugh: “Anyone managing Apple mobile devices should be aware that iOS/iPadOS 16.4.1 allows anyone to download and install the 16.5 Developer Beta without needing to supply a Developer Apple ID. I just did it with my regular consumer Apple ID. File feedback to Apple if this worries you – there doesn’t currently seem to be a way to prevent this.”

🔐Security and Privacy

• Ironing out (the macOS) details of a Smooth Operator (Part II) – Patrik Wardle

🔨Support and HowTos

• How to Install SentinelOne with Jamf Pro – HCS Technology Group
• Setup Your Mac: Zoom Room Edition – Rob J. Schroeder
• Device activity reporting in Jamf Connect – Peter Siman, Jamf Engineering
• Resources to Make Great Presentations – BradenN, Jamf Tech Thoughts
• New Macs All Have Model Identifier “Mac” – Michael Tsai
• macOS: enlarge the windows to the edges of the screen by double-clicking – Guillaume Gète.
• Migrating an APNS certificate from one Apple ID to another Apple ID – Rich Trouton

🤖Scripting and Automation

• Let SSH retry connecting for you – Sindastra’s info dump
• CrowdStrike Falcon Inspector (0.0.2) with swiftDialog – Dan K. Snelson
• Over-Engineering 101: detect duplicate Jamf Pro device records – Skartek

🍏Apple Support

• What’s new in personal safety with Apple devices (via Pepijn Bruienne)

🎧To Listen

• Baseline with Trevor & Rob – Mac Admins Podcast
• Fleet announces open-source, cross-platform device management platform – Apple @ Work Podcast, 9to5Mac
• Interview With Jon Brown, VP Of Technology & Cybersecurity at Interlaced.io – Command-Control-Power
• How the cops buy a “God view” of your location data, with Bennett Cyphers – Lock and Code, Malwarebytes Labs
• Jamf solutions in the healthcare space – Jamf After Dark

🎈Just for Fun

• Here’s to the Crazy Ones – Basic Apple Guy
• Make Something Wonderful, a book from the Steve Jobs Archive

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Happy Easter to everyone who celebrates! Even when you just enjoy eating chocolate eggs.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

• Level Up Security Knowledge with Jamf 170 – kschuler, Jamf Tech Thoughts

macOS and iOS Updates

• What happened to Open With > Suspicious Package in the Finder on macOS 13.3? – Suspicious Package, Frequently Asked Questions (update with a workaround)
• macOS Ventura 13.3 alters expected behavior for Finder’s Open With functionality for macOS installer packages – Rich Trouton
• Swift 5.8 Released! – Swift.org
• What’s new in Swift 5.8 – Paul Hudson, Hacking with Swift

Security and Privacy

• macOS Security Bugs Exposed Safari History and Device Location to Unauthorized Apps – Guilherme Rambo
• New macOS malware steals sensitive info, including a user’s entire Keychain database – Jovi Umawing, Malwarebytes Labs

Support and HowTos

• Hands-on with built-in notifications for App Installers deployments – Dr. K
• How Much Is 5 Minutes Worth? – Pam Lefkowitz, Radical Admin Blog
• How Cryptexes are changing macOS Ventura – Howard Oakley
• Change Jamf Management Account – Ericson Tech
• Getting more from Disk Utility’s First Aid – Howard Oakley
• Apple Configurator 2 and Apple Business Manager – Jesus Vigo, Jamf Blog

Scripting and Automation

• Running zsh Scripts Through Management Tools – Trevor Sysock

Apple Support

• Use FaceTime or other videoconferencing apps instead of Keynote Live

Updates and Releases

• Setup-Your-Mac 1.9.0 (Blog Post)
• Suspicious Package 4.3.2
• Apparency 1.5.1
• BBEdit 14.6.5
• macadmins/munki-builds: Munki v6.3.0.4574 Beta: “This is a signed and notarized build of munki” (more info)

To Watch

• X World Sessions, 2023
• Advanced Mac Management for Education – Mat Pullen, Anthony Darlow, Jamf (YouTube)

To Listen

• X World 2023 – Mac Admins Podcast
• Interview With Dav James of DIJ Consulting — Command-Control-Power
• An update on Jamf in Healthcare – Jamf After Dark

Just for Fun

• Commander 2023 Wallpaper & T-Shirts – Basic Apple Guy

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Apple was busy this week. As expected, we got the macOS Ventura 13.3, iOS 16.4, and sibling platform updates. (New emojis!) We also got the long awaited Apple Music Classical app (iOS only), Apple Pay Later (where available, i.e yet another US only service), and updates to several apps. Apple also announced the dates for this year’s WWDC: June 5–9 in a similar format to the past year. All sessions pre-recorded and online with a viewing event at Apple Park for the Keynote.

---

(Sponsor: SentinelOne)

A Guide to macOS Threat Hunting and Incident Response

As enterprise Macs become increasingly targeted with cross-platform malware and infostealers, it’s more important than ever to ensure security teams know how to hunt for and respond to macOS compromises.

Continue Reading Here >>

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

Jason Snell from SixColors has released the “Apple in the Enterprise” report card with lots of interesting data and even more enlightening comments from many fellow Mac and iOS admins. Now, that this is the third edition, the report includes a graph with the previous two scores for each section, and we can start to see some trends.

• Apple in the Enterprise: A 2023 report card – Jason Snell and 117 MacAdmins, Six Colors

🌼macOS Ventura 13.3 and iOS 16.4

macOS

• macOS Ventura 13.3 (22E252): About, Enterprise, Developer Release Notes, Security
• macOS Monterey 12.6.4 (21G526): Security
• macOS Big Sur 11.7.5 (20G1225): Security

iOS and iPadOS

• iOS 16.4: About, Enterprise
• iPadOS 16.4: About, Enterprise
• iOS and iPadOS 16.4: Developer Release Notes, Security
• iOS and iPadOS 15.7.4: Security

Guides

• Apple Platform Deployment Guide: Welcome, What’s new, Document revision history
• Apple School Manager User Guide: Welcome, Document revision history
• Apple Business Manager User Guide: Welcome, Document revision history
• Apple Business Essentials User Guide: Welcome, Document revision history

Other Platforms

• watchOS 9.4: About, Developer Release Notes, Security
• tvOS 16.4: About, Guide, Developer Release Notes, Security
• HomePod Software 16.4: About
• Studio Display Firmware Update 16.4: About, Security

Applications

• Xcode 14.3: Mac App Store, Developer Downloads, Developer Release Notes, Security
• Safari 16.4: Blog post, Developer Release Notes, Security
• Pages 13.0: Mac, iOS, iCloud
• Keynote 13.0: Mac, iOS, iCloud
• Numbers 13.0: Mac, iOS, iCloud
• Shortcuts: What’s new
• Apple Music Classical: iOS App Store
• iTunes 12.12.8 for Windows 10

Apple Support

• How iOS, iPadOS, and macOS decide which wireless network to auto-join
• Reduce screen motion on Apple TV

Community

• What has changed in macOS Ventura 13.3? – Howard Oakley
• macOS Ventura 13.3 Update (22E252)! What’s New? – Mr. Macintosh
• macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs – Howard Oakley
• Fixing firmware update problems – Howard Oakley
• Apple fixes actively exploited vulnerability and introduces new features – Pieter Arntz, MalwarebytesLabs
• iOS 16.4 Emoji Changelog – Keith Broni, Emojipedia

📰News and Opinion

• Apple’s Worldwide Developers Conference returns June 5 – Apple
• Using ‘Phone Link’ Between iOS and Windows for iPhone Notifications and iMessage – Federico Viticci, MacStories
• Apple Passwords Deserve An App – Cabel Sasser
• Keynote at X World: Running After the Ice Cream Truck – Tom Bridge
• Getting Past Stuck – Pam Lefkowitz, Radical Admin Blog, Jumpcloud
• Software Update: Where We’re Going, Where We’ve Been – Tom Bridge
• Intel Co-Founder Gordon Moore Dies at 94 – Adam Engst, TidBITS (Note: my wonderful wife does research funded by a Moore Foundation grant)
• Speaking at London Apple Admins for Beginners – Daz Wallace

🎤Conferences

• PSU MacAdmins Conference, July 16–21: Registration now open!
• Objective by the Sea v6.0, Oct 9–13, Marbella, Spain
• WWDC23, June 5–9, online

More information on upcoming conferences and archives of past conferences on my conferences page.

🦣Social Media

• John C. Welch: “One thing remote work has screwed is the ability to learn how the people I don’t work with, but support, work. I called it “Support by Walking around” not just for the “it’s too minor for a ticket, but since you’re here” problems that I could see were developing into bigger problems. That was invaluable in and of itself. But it also, over time, gave me a way to see how the people I supported actually worked. How they needed to work, how their actual workflow functioned.” (thread)

🔐Security and Privacy

• We updated our RSA SSH host key – Mike Hanley, The GitHub Blog
• MacStealer: New macOS-based Stealer Malware Identified – Shilpesh Trivedi, Uptycs
• Beware of MacStealer, a growing malware threat that affects macOS – Jamf Threat Labs
• Microsoft Defender is flagging legit URLs as malicious – Jeff Burt, The Register

🔨Support and HowTos

• Planning Your Presentation – William Smith, Jamf Tech Thoughts
• Testing a local timezone deadline in Nudge – Alan Siu
• Binding to Active Directory: Consider the Alternatives – Kandji Blog
• Path to Mac Admin: From Zero to Hero – Tim Herr, Jamf Blog
• ServiceNow Asset Data in Snowflake – Thomas Larkin

🤖Scripting and Automation

• CrowdStrike Falcon Kickstart (0.0.2) – Dan K. Snelson
• Quick And Dirty Guide To Compiling Your Own Version Of An Open Source Xcode Project For Testing Charles Edge

♻️Updates and Releases

• Introducing the Kolide Desktop App – Blaed Johnston, Kolide Blog
• Test A Fork Of NoMAD Maybe? – Charles Edge
• Managing ephemeral self-hosted GitHub Actions runners with Tartelet – Simon Støvring, Shape
• SAP/backgrounds: Backgrounds is a macOS application for creating and setting custom desktop wallpapers on Apple Macintosh computers
• super v3.0-b10

📺To Watch

• Custom Branded Notifications & Messages with swiftDialog – Dan K. Snelson

🎧To Listen

• An academic look at autopkg with Manuela Muñoz Bocanegra – Mac Admins Podcast
• Interview With Adam Engst Of the TidBITS Content Network – Command-Control-Power
• Healthcare challenges with Apple devices – Apple @ Work, 9to5Mac

🎈Just for Fun

• WWDC23 Wallpaper, Desktop Images 4k Downloads – Mr. Macintosh

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators