Scripting OS X

Another fairly quiet week. I expect more news as WWDC approaches.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• 2023 Jamf Spring Event Recap – Jamf Blog
• Shifting from Device-Centric to Identity-Centric – JC-Chris Tate, Radical Admin Blog, JumpCloud
• Is a Promotion Right For Me? – Pam Lefkowitz, Radical Admin Blog, JumpCloud

🔐Security and Privacy

• macOS’ Rapid Security Response: Designed into a Corner – Mykola Grymalyuk
• VMware fixes critical zero-day exploit chain used at Pwn2Own – Sergiu Gatlan, BleepingComputer
• CVE-2023-23525: Get Root via A Fake Installer – Mickey Jin
• New Atomic macOS info-stealing malware targets 50 crypto wallets – Bill Toulas, BleepingComputer
• LockBit for Mac: How Real is the Risk of macOS Ransomware? – Phil Stokes, SentinelOne

🔨Support and HowTos

• Should you remove duplicate files? – Howard Oakley
• Microsoft Enterprise SSO plug-in for Apple devices – Microsoft Learn (via Pepijn Bruienne)
• Migrating to Cisco Secure Client 5 – Fraser Hess
• The four types of Safari extension – Jeff Johnson
• Setup Device Compliance with Jamf and Intune – Ericson Tech
• Licensing Omni Apps for Managed Devices – The Omni Group

🤖Scripting and Automation

• Using Shortcuts on macOS to create powerful multi-step actions for Stream Deck – Dr. K, ModTitan
• Secure token and bootstrap token in a user-less environment – Fabien Conus
• Demote on Login with SAP Privileges – Samuel Mills
• Extracting icons from Assets.car on macOS – Alan Siu
• Intro to JAWA – Your Automation Buddy – The Geeky Gordo
• Clean up your packages in Jamf Pro automatically with JamfPackageCleaner – Graham R. Pugh
• kylejericson/Jamf-LAPS-Bootstrapper: A simple tool to get the LAPS password from a Mac enrolled in Jamf Pro
• Tiny hex and binary converters in swift, go, python, && javascript – Charles Edge
• Small Go Script To Send Some JSON To An Endpoint – Charles Edge
• Setup Your Mac: Spring ‘23 Survey – Dan K. Snelson
• Upgrading SYM – Dan K. Snelson

🍏Apple Support

• TN3147: Migrating to the latest notarization tool – Apple Developer Documentation

♻️Updates and Releases

• iMazing Profile Editor 1.7.0
• Jamf Pro 10.46: Release Notes, Video
• swiftDialog 2.2 Preview 1
• Setup Your Mac 1.10.0-rc24
• The identity problem in K-12 is solved with Clever – 9to5Mac, Apple @ Work Podcast

🎧To Listen

• Selina Ali – Mac Admins Podcast
• Jamf Trust Employee Badge with Jamf and SwiftConnect – Jamf After Dark
• Pricing Your Device Management Stack – Command-Control-Power
• Removing the human: When should AI be used in emotional crisis? – Lock and Code, MalwarebytesLabs

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

For change, this was a week without an update, security or otherwise. MacAdmins have still been busy doing and sharing their research. Thank you all so very much for all the great articles.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Two years at Jamf – Dr. K

🦣Social Media

• Graham Gilbert on Mastodon: “This week my team was discussing ways to make it less painful on users to keep our macOS fleet up to date. They’re rightly fed up with the backlash every time we need to enforce an update. But guess what? macOS is our second largest platform. We do not get any complaints from our Chrome OS or Windows users. The update stories on those platforms simply work. This shouldn’t be on IT professionals to solve. Apple is failing its customers in not providing adequate tools to keep them secure.”
• MacAdmins Conference: “2023 MacAdmins Conference – Workshops announced! Registration is now OPEN!“

🔐Security and Privacy

• Apple’s Macs Have Long Escaped Ransomware. That May Be Changing – Lily Hat Newman, Wired
• LockBit ransomware on Mac: Should we worry? Jovi Umawing, Malwarebytes Labs
• Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains –  Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, and Ron Deibert, The Citizen Lab
• Enhance your security posture with Jamf Pro Device Compliance and Jamf Protect – Thijs Xhaflaire, Jamf Tech Thoughts
• The Web of Connections with iOS 16.4.1 – Jamf Threat Labs

🔨Support and HowTos

• How to Resolve Managed Apple ID Conflicts – HCS Technology Group
• “I love SQL” and other lies you tell yourself – Mat X
• Lockdown Mode in iOS 16.4 Breaks Web Forms – Michael Tsai

🤖Scripting and Automation

• Using the plutil command line tool to work with JSON on macOS Monterey and later – Rich Trouton
• “rosetter” is a shell/CLI tool to enable (or disable) opening apps using Rosetta
• A list of programming playgrounds – Julia Evans
• Trigger Jamf Pro Policy at Login or Reboot – Dan K. Snelson
• Use AutoPkg to install applications into the User Applications folder – Graham R Pugh
• PowerShell for the Mac Admin, Part 4: Blue Canary in the Outlet By the Light Switch – Charles Mangin, Radical Admin Blog

♻️Updates and Releases

• Introducing: Red Canary Mac Monitor
• Jamf Compliance Editor 1.1.3
• Munki 6.3 Official Release
• Setup Your Mac 1.10.0-rc13

📺To Watch

• MacAdmins Meeting, April 2023 – Marriott Library, Apple Infrastructure |

🎧To Listen

• Sean Colins – Mac Admins Podcast

🎈Just for Fun

• macOS + Van Gogh – Basic Apple Guy

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Generally, Friday is a good day for a news summary. But sometimes things happen after. Like last week, where Apple pushed a security update for macOS Ventura and iOS/iPadOS, followed by updates for Big Sur, Ventura, iOS/iPadOS 15, tvOS, Safari, and (maybe?) HomePod, earlier this week.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Fleet introduces MDM – Fleet for osquery
• Still Flogging, Still Dead – John C. Welch
• Staying Relevant – Pam Lefkowitz, Radical Admin Blog

🌼macOS and iOS Updates

• macOS Ventura 13.3 (22E261): About, Security, 12.6.4 (21G531), 11.7.5 (20G1231)
• iOS 16.4.1, iPadOS 16.4.1, Security, iOS and iPadOS 15.7.4
• tvOS 16.4.1
• HomePod Software 16.4.1: No info on “About” or security pages
• Safari 16.4.1
• macOS Ventura 13.3.1 Update (22E261)! Emergency Security Update?
• Apple releases emergency updates for two known-to-be-exploited vulnerabilities – Pieter Arntz, Malwarebytes Labs

🦣Social Media

• Graham R Pugh on mas.to: “AutoPkg+JamfUploader users – you’ll need to update trust on your .jamf recipes: I pushed a change to the JamfPackageUploader processor to allow jcds_mode to function with the new randomised SSO failover URLs introduced in Jamf Pro 10.45.”
• Gary Oldham on LinkedIn: “[…] I’m still reading through [“Make Something Wonderful”], but came across a section that listed (in an email to himself, a frequent Steve practice) his music playlist from 2003, the year that the iTunes Music Store launched. If you’d like to see – and listen to – that playlist, I’ve compiled one on Apple Music.“
• Graham R Pugh: “Anyone managing Apple mobile devices should be aware that iOS/iPadOS 16.4.1 allows anyone to download and install the 16.5 Developer Beta without needing to supply a Developer Apple ID. I just did it with my regular consumer Apple ID. File feedback to Apple if this worries you – there doesn’t currently seem to be a way to prevent this.”

🔐Security and Privacy

• Ironing out (the macOS) details of a Smooth Operator (Part II) – Patrik Wardle

🔨Support and HowTos

• How to Install SentinelOne with Jamf Pro – HCS Technology Group
• Setup Your Mac: Zoom Room Edition – Rob J. Schroeder
• Device activity reporting in Jamf Connect – Peter Siman, Jamf Engineering
• Resources to Make Great Presentations – BradenN, Jamf Tech Thoughts
• New Macs All Have Model Identifier “Mac” – Michael Tsai
• macOS: enlarge the windows to the edges of the screen by double-clicking – Guillaume Gète.
• Migrating an APNS certificate from one Apple ID to another Apple ID – Rich Trouton

🤖Scripting and Automation

• Let SSH retry connecting for you – Sindastra’s info dump
• CrowdStrike Falcon Inspector (0.0.2) with swiftDialog – Dan K. Snelson
• Over-Engineering 101: detect duplicate Jamf Pro device records – Skartek

🍏Apple Support

• What’s new in personal safety with Apple devices (via Pepijn Bruienne)

🎧To Listen

• Baseline with Trevor & Rob – Mac Admins Podcast
• Fleet announces open-source, cross-platform device management platform – Apple @ Work Podcast, 9to5Mac
• Interview With Jon Brown, VP Of Technology & Cybersecurity at Interlaced.io – Command-Control-Power
• How the cops buy a “God view” of your location data, with Bennett Cyphers – Lock and Code, Malwarebytes Labs
• Jamf solutions in the healthcare space – Jamf After Dark

🎈Just for Fun

• Here’s to the Crazy Ones – Basic Apple Guy
• Make Something Wonderful, a book from the Steve Jobs Archive

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Happy Easter to everyone who celebrates! Even when you just enjoy eating chocolate eggs.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

• Level Up Security Knowledge with Jamf 170 – kschuler, Jamf Tech Thoughts

macOS and iOS Updates

• What happened to Open With > Suspicious Package in the Finder on macOS 13.3? – Suspicious Package, Frequently Asked Questions (update with a workaround)
• macOS Ventura 13.3 alters expected behavior for Finder’s Open With functionality for macOS installer packages – Rich Trouton
• Swift 5.8 Released! – Swift.org
• What’s new in Swift 5.8 – Paul Hudson, Hacking with Swift

Security and Privacy

• macOS Security Bugs Exposed Safari History and Device Location to Unauthorized Apps – Guilherme Rambo
• New macOS malware steals sensitive info, including a user’s entire Keychain database – Jovi Umawing, Malwarebytes Labs

Support and HowTos

• Hands-on with built-in notifications for App Installers deployments – Dr. K
• How Much Is 5 Minutes Worth? – Pam Lefkowitz, Radical Admin Blog
• How Cryptexes are changing macOS Ventura – Howard Oakley
• Change Jamf Management Account – Ericson Tech
• Getting more from Disk Utility’s First Aid – Howard Oakley
• Apple Configurator 2 and Apple Business Manager – Jesus Vigo, Jamf Blog

Scripting and Automation

• Running zsh Scripts Through Management Tools – Trevor Sysock

Apple Support

• Use FaceTime or other videoconferencing apps instead of Keynote Live

Updates and Releases

• Setup-Your-Mac 1.9.0 (Blog Post)
• Suspicious Package 4.3.2
• Apparency 1.5.1
• BBEdit 14.6.5
• macadmins/munki-builds: Munki v6.3.0.4574 Beta: “This is a signed and notarized build of munki” (more info)

To Watch

• X World Sessions, 2023
• Advanced Mac Management for Education – Mat Pullen, Anthony Darlow, Jamf (YouTube)

To Listen

• X World 2023 – Mac Admins Podcast
• Interview With Dav James of DIJ Consulting — Command-Control-Power
• An update on Jamf in Healthcare – Jamf After Dark

Just for Fun

• Commander 2023 Wallpaper & T-Shirts – Basic Apple Guy

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Apple was busy this week. As expected, we got the macOS Ventura 13.3, iOS 16.4, and sibling platform updates. (New emojis!) We also got the long awaited Apple Music Classical app (iOS only), Apple Pay Later (where available, i.e yet another US only service), and updates to several apps. Apple also announced the dates for this year’s WWDC: June 5–9 in a similar format to the past year. All sessions pre-recorded and online with a viewing event at Apple Park for the Keynote.

---

(Sponsor: SentinelOne)

A Guide to macOS Threat Hunting and Incident Response

As enterprise Macs become increasingly targeted with cross-platform malware and infostealers, it’s more important than ever to ensure security teams know how to hunt for and respond to macOS compromises.

Continue Reading Here >>

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

Jason Snell from SixColors has released the “Apple in the Enterprise” report card with lots of interesting data and even more enlightening comments from many fellow Mac and iOS admins. Now, that this is the third edition, the report includes a graph with the previous two scores for each section, and we can start to see some trends.

• Apple in the Enterprise: A 2023 report card – Jason Snell and 117 MacAdmins, Six Colors

🌼macOS Ventura 13.3 and iOS 16.4

macOS

• macOS Ventura 13.3 (22E252): About, Enterprise, Developer Release Notes, Security
• macOS Monterey 12.6.4 (21G526): Security
• macOS Big Sur 11.7.5 (20G1225): Security

iOS and iPadOS

• iOS 16.4: About, Enterprise
• iPadOS 16.4: About, Enterprise
• iOS and iPadOS 16.4: Developer Release Notes, Security
• iOS and iPadOS 15.7.4: Security

Guides

• Apple Platform Deployment Guide: Welcome, What’s new, Document revision history
• Apple School Manager User Guide: Welcome, Document revision history
• Apple Business Manager User Guide: Welcome, Document revision history
• Apple Business Essentials User Guide: Welcome, Document revision history

Other Platforms

• watchOS 9.4: About, Developer Release Notes, Security
• tvOS 16.4: About, Guide, Developer Release Notes, Security
• HomePod Software 16.4: About
• Studio Display Firmware Update 16.4: About, Security

Applications

• Xcode 14.3: Mac App Store, Developer Downloads, Developer Release Notes, Security
• Safari 16.4: Blog post, Developer Release Notes, Security
• Pages 13.0: Mac, iOS, iCloud
• Keynote 13.0: Mac, iOS, iCloud
• Numbers 13.0: Mac, iOS, iCloud
• Shortcuts: What’s new
• Apple Music Classical: iOS App Store
• iTunes 12.12.8 for Windows 10

Apple Support

• How iOS, iPadOS, and macOS decide which wireless network to auto-join
• Reduce screen motion on Apple TV

Community

• What has changed in macOS Ventura 13.3? – Howard Oakley
• macOS Ventura 13.3 Update (22E252)! What’s New? – Mr. Macintosh
• macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs – Howard Oakley
• Fixing firmware update problems – Howard Oakley
• Apple fixes actively exploited vulnerability and introduces new features – Pieter Arntz, MalwarebytesLabs
• iOS 16.4 Emoji Changelog – Keith Broni, Emojipedia

📰News and Opinion

• Apple’s Worldwide Developers Conference returns June 5 – Apple
• Using ‘Phone Link’ Between iOS and Windows for iPhone Notifications and iMessage – Federico Viticci, MacStories
• Apple Passwords Deserve An App – Cabel Sasser
• Keynote at X World: Running After the Ice Cream Truck – Tom Bridge
• Getting Past Stuck – Pam Lefkowitz, Radical Admin Blog, Jumpcloud
• Software Update: Where We’re Going, Where We’ve Been – Tom Bridge
• Intel Co-Founder Gordon Moore Dies at 94 – Adam Engst, TidBITS (Note: my wonderful wife does research funded by a Moore Foundation grant)
• Speaking at London Apple Admins for Beginners – Daz Wallace

🎤Conferences

• PSU MacAdmins Conference, July 16–21: Registration now open!
• Objective by the Sea v6.0, Oct 9–13, Marbella, Spain
• WWDC23, June 5–9, online

More information on upcoming conferences and archives of past conferences on my conferences page.

🦣Social Media

• John C. Welch: “One thing remote work has screwed is the ability to learn how the people I don’t work with, but support, work. I called it “Support by Walking around” not just for the “it’s too minor for a ticket, but since you’re here” problems that I could see were developing into bigger problems. That was invaluable in and of itself. But it also, over time, gave me a way to see how the people I supported actually worked. How they needed to work, how their actual workflow functioned.” (thread)

🔐Security and Privacy

• We updated our RSA SSH host key – Mike Hanley, The GitHub Blog
• MacStealer: New macOS-based Stealer Malware Identified – Shilpesh Trivedi, Uptycs
• Beware of MacStealer, a growing malware threat that affects macOS – Jamf Threat Labs
• Microsoft Defender is flagging legit URLs as malicious – Jeff Burt, The Register

🔨Support and HowTos

• Planning Your Presentation – William Smith, Jamf Tech Thoughts
• Testing a local timezone deadline in Nudge – Alan Siu
• Binding to Active Directory: Consider the Alternatives – Kandji Blog
• Path to Mac Admin: From Zero to Hero – Tim Herr, Jamf Blog
• ServiceNow Asset Data in Snowflake – Thomas Larkin

🤖Scripting and Automation

• CrowdStrike Falcon Kickstart (0.0.2) – Dan K. Snelson
• Quick And Dirty Guide To Compiling Your Own Version Of An Open Source Xcode Project For Testing Charles Edge

♻️Updates and Releases

• Introducing the Kolide Desktop App – Blaed Johnston, Kolide Blog
• Test A Fork Of NoMAD Maybe? – Charles Edge
• Managing ephemeral self-hosted GitHub Actions runners with Tartelet – Simon Støvring, Shape
• SAP/backgrounds: Backgrounds is a macOS application for creating and setting custom desktop wallpapers on Apple Macintosh computers
• super v3.0-b10

📺To Watch

• Custom Branded Notifications & Messages with swiftDialog – Dan K. Snelson

🎧To Listen

• An academic look at autopkg with Manuela Muñoz Bocanegra – Mac Admins Podcast
• Interview With Adam Engst Of the TidBITS Content Network – Command-Control-Power
• Healthcare challenges with Apple devices – Apple @ Work, 9to5Mac

🎈Just for Fun

• WWDC23 Wallpaper, Desktop Images 4k Downloads – Mr. Macintosh

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Apple released the release candidates for macOS 13.3, iOS 16.4, and all the siblings. Are you ready for the release next week?

---

(Sponsor: SentinelOne)

Session Cookies, Keychains, SSH Keys and More: 7 Kinds of Data Malware Steals from macOS Users

Stealing valuable data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware campaigns have done it.

Continue Reading Here >>

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

• Talking to Muggles – Pam Lefkowitz, JumpCloud
• Can I use ChatGPT to code? macOS scripting with AI – Armin Briegel, Jamf Blog
• Interested in Supporting NoMAD Development? – Marriott Library, Apple Infrastructure

🦣Social Media

• Jason Broccardo: “The second “M” in MDM stands for “Maybe””
• AnthonyReimer: “the first M is for maybe. Maybe Device Management.”

🔐Security and Privacy

• Zero Trust: When Expectations Fail to Meet Reality (Do This) – Ashley Gwilliam, JumpCloud
• Session Cookies, Keychains, SSH Keys and More: 7 Kinds of Data Malware Steals from macOS Users – Phil Stokes, SentinelOne

🔨Support and HowTos

• 1Password gains deep integration with an Okta driven unlock option – Bradley Chambers, Apple@Work
• loginwindow does more than log you in – Howard Oakley
• Software Updates, Part 3 – Remediation – Ross Matsuda
• Jamf Protect integrates with Microsoft Sentinel – Thijs Xhaflaire, Jamf Blog
• Spelunking Apple’s Open Source – Daniel Jalkut
• Nudge deadlines in local timezones – Kevin M. Cox
• Santa Client Troubleshooting – Ed Marczak
• Meet MUT, Jamf open-source Mac admin tool – Jesus Vigo, Jamf Blog

🤖Scripting and Automation

• PowerShell for the Mac Admin, Part 3: Do You Want To Build A Snowman? – Charles Mangin, JumpCloud
• Custom Branded macOS Notifications with swiftDialog 2.0 – Dan K. Snelson
• Display Message (0.0.7) via swiftDialog – Dan K. Snelson

♻️Updates and Releases

• Microsoft Outlook for Mac switching to weekly releases – Kevin M. Cox
• Outlook will release weekly updates to production beginning March 21, 2023 – macadmins.software
• super v3.0-b9
• Jamf Pro 10.45
• Little Snitch Mini – Objective Development
• Outset 3.0.3 (Last update for the python version)
• Outset 4.0 Beta 2
• Baseline v1.1 (Blog Post)
• Munki 6.3 Beta 3
• Setup-Your-Mac 1.9.0-rc

🎧To Listen

• Just Give Me The Fish — Command-Control-Power
• HomeKit Panel – Mac Admins Podcast
• Cisco and Apple: better together – Apple @ Work Podcast, 9to5Mac

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

The newsletter this week is coming at an unusual time of day because I am traveling. If I missed any links because of the travels, please let me know!

---

(Sponsor: SentinelOne)

The Complete Guide to Understanding Apple Mac Security for Enterprise

Everything you need to know to understand the strengths and weaknesses of the security controls built into Apple Macs and the macOS platform.

Continue Reading Here >>

---

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

Jason Snell has put out the call for the next incarnation of the “Six Colors Apple in the Enterprise Report Card.” If you are interested you can read last year’s report here. The questionnaire is open to all MacAdmins but you need to fill it out before March 22nd deadline.

• Six Colors Apple in the Enterprise Report Card Open til March 22nd – Tom Bridge
• Direct Link to Questionnaire

📰News and Opinion

• It’s Time to Make Your Pitch – William Smith, Jamf Tech Thoughts
• Apple opens up sideloading devices to Apple Business Manager outside of Apple Configurator – Bradley Chambers, 9to5Mac
• The key to the Mac’s survival isn’t a new Air–it’s the next iPad Pro – Jason Snell, Macworld

🦣Social Media

• William Smith on Mastodon: “Happy to announce the Jamf Training Catalog introduced in 2018 and only available to customers is NOW available to anyone with a free Jamf Account. No customer requirement going forward.”
• Mike Lynn on Mastodon: “[…] avoid attempting to manage the end user experience as much as possible – or allowing your organization to dictate to you, as the subject matter expert, that settings of this nature MUST be enforced to a specific value. No two people agree on a sane default experience. Managing for security? Yes, great. Managing look and feel? Please do not“

🔐Security and Privacy

• The ultimate guide to macOS security – Jesus Vigo, Jamf Blog

🔨Support and HowTos

• Who’s managing my apps? – Howard Oakley
• Enforcing an older force_install_after_date when importing a new Munki item version – Alan Siu
• Granting Volume Owner status on Apple Silicon Macs – Rich Trouton
• Ventura has changed app quarantine with a new xattr – Howard Oakley
• Apple’s File Provider Forces Mac Cloud Storage Changes – Adam Engst, TidBITS
• The Care and Feeding of Your JumpCloud – Pam Lefkowitz
• Big Changes to Our macOS Agent – Emily Hill, Kolide Blog
• What is a NoPkg? – Meredith Kreisa, SimpleMDM
• What is macOS Ventura doing tracking provenance? – Howard Oakley
• Moving Day: How we migrated from one MDM to another – Jacob Burley
• Creating a sysdiagnose file using Activity Monitor – Rich Trouton
• Fixing Shadow IT (Without Being a Jerk) – Pam Lefkowitz
• Getting started with web browser management in Jamf Pro – Stuart Dea, dataJAR
• Using a Mac without a network connection – Howard Oakley
• You Still Use a Printer? – Allen Golbig, Jamf Tech Thoughts

🤖Scripting and Automation

• Automated Device Enrollment and Setup Your Mac version 1.8.1 – Rob J Schroeder
• maxgoedjen/secretive: Store SSH keys in the Secure Enclave
• CrowdStrike Falcon Diagnose (0.0.3) with swiftDialog – Dan K. Snelson
• PowerShell for Mac Admins – Radical Admin Blog, Jumpcloud Community (Part 2)
• Using PlistBuddy With Shell Scripts – Trevor Sysock

♻️Updates and Releases

• Setup-Your-Mac 1.8.1
• Gain Deeper Insights Into Business Security with the Enhanced 1Password Events API – Skylar Nagao, 1Password
• Archaeology: tool for digging into binary files on macOS
• Baseline v1.1beta2
• Munki v6.3.0.b1

📺To Watch

• March 2023: MacAdmins Meeting Archived Presentations and Slides Online – Marriott Library, Apple Infrastructure

🎧To Listen

• Filewave APIs with Josh Levitsky – Mac Admins Podcast
• Let’s Talk Mobile Threat Security Landscape – Jamf After Dark
• “Brad Pitt,” a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes – Lock and Code, Malwarebytes Labs

🎈Just for Fun

• Big Starry Sur: macOS Big Sur in the style of Van Gogh’s Starry Night – Basic Apple Guy

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

Apple announced a new yellow iPhone color this week, which invokes spring thoughts, but here in the Netherlands we have had the most wintry weather this season. I hope spring comes quickly after this last effort of winter.

---

(Sponsor: SentinelOne)

Hunting for Honkbox: Multistage macOS Cryptominer May Still Be Hiding

Learn how Honkbox hides on macOS and evades detection. This post contains details of a previously undocumented variant, along with further IOCs and behaviors for threat hunters and SOC teams.

Continue Reading Here >>

---

Spring will also bring the “Spring updates” of macOS and iOS and we did get another round of betas this week. These updates which are about half way between Apple’s major platform updates often come with significant changes, especially for admins. From what we can tell from the betas, the changes this year seem be on the “less impactful” side. A welcome respite for MacAdmins.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

• Apple Vision Accessibility: the AppleVis Report Card – AppleVis
• Screen Time is Unreliable –Brian Stucki
• Depth or Breadth in IT – Pam Lefkowitz
• Do I Have Imposter Syndrome? – Pam Lefkowitz

macOS and iOS Updates

• Apple School Manager User Guide, March 2023 revisions
• Apple Business Manager User Guide, March 2023 revisions
• tvOS 16.3.3

Security and Privacy

• Malvertising on Google Ads: It’s Hiding in Plain Site – Kenny Najarro, Kolide Blog

Support and HowTos

• Reproducible Builds for macOS – Mike Lynn
• Custom Finder icons, resources and Mac OS history – Howard Oakley
• Eighty Shades of Option Key – Guillaume Gète
• What is PkgInfo, and how do you use custom Munki PkgInfo? – Meredith Kreisa, SimpleMDM
• Beware of the expiry of APNS tokens! – Guilleaume Gète
• DFU Blaster, to activate DFU mode in one click – Guilleaume Gète
• Microsoft macOS Conditional Access replaced in Jamf Pro 10.43 – Katie John, Jamf Blog
• Jamf Protect SSO with AzureAD with SAML – skartek.dev
• adespoton/utmconfigs: Config files for booting Mac OS 9 and OS X on UTM emulator
• How does Ventura check an app’s security? – Howard Oakley
• Guide: Creating a Signed Certificate – Tech IT Out
• Setting a user account to automatically log in using sysadminctl on macOS Ventura – Rich Trouton

Scripting and Automation

• Jamf Pro API and Apple’s Swift: Part 5, Building the SwiftUI App – Armin Briegel (blog post, series overview)

Updates and Releases

• Setup-Your-Mac 1.8.0 (blog post, v1.8.1rc)
• Baseline v1.0.0 (blog post)
• Outset 4.0 Beta 1 (blog post)
• ScreenNudge v1.7
• micromdm/nanomdm v0.5.0 ·
• Microsoft Adds Free Outlook Tier – Michael Tsai

To Watch

• Dutch Mac Admins Meetup at Xebia – AppleShare IT
• Deploying Apple Silicon Macs with DFU Blaster, MDS, and Apple Configurator – Twocanoes Software

To Listen

• Time Machine Blues – Command-Control-Power
• Inside Baseball: Getting What You Need From Product Managers – Mac Admins Podcast
• Current Mobile Security Landscape – Jamf After Dark
• What are the latest K-12 IT trends? – Apple @ Work Podcast, 9to5Mac

Just for Fun

• The cursed universes of Dana Sibera – Marcin Wichary

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators

This is the time of the year where we get regular updates for macOS, but not that many new features. It is also time where MacAdmins adopt the new versions, either by choice or because the 90 day deferral limit has expired for good a while back. This is a busy time for MacAdmins.

---

(Sponsor: Mosyle)

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.

---

We also got the second beta for macOS 13.3 and iOS 16.4 and Apple is testing the new Rapid Security Response technology again. It is encouraging that they are testing this “in the field” and hopefully that will make a big difference in reliability.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📸Focus

It is here! The second edition of the wonderful and encompassing guide to everything Mac and iOS management: Apple Device Management Second Edition by Rich Trouton and Charles Edge. Many congratulations to them!

• Rich Trouton’s announcement
• Charles Edge’s announcement
• Buy on Amazon , Apple Books, APress

🔐Security and Privacy

• Beware of macOS cryptojacking malware – Jamf Threat Labs
• Hunting for Honkbox: Multistage macOS Cryptominer May Still Be Hiding – Phil Stokes, SentinelOne
• iPhone users targeted in phone AND data theft campaign – Jovi Umawing, Malwarebytes Labs
• How a Thief with Your iPhone Passcode Can Ruin Your Digital Life – Adam Engst, TidBITS

🔨Support and HowTos

• Start with Your Story – William Smith, Jamf Tech Thoughts
• Providing Jamf Pro computer inventory information via macOS configuration profile – Rich Trouton
• Jamf Admin won’t dance the SaMBa anymore? – Brad T. Chapman
• Hacking Falcon Sensor Grouping Tags – Dan K. Snelson
• Automatically start and turn off a Mac… with a configuration profile – Guillaume Gète

🤖Scripting and Automation

• Use the forceNoRecon option of the jamf command – Guillaume Gète
• Resolve Package Dependencies in NoMAD 2 with carthage – Charles Edge
• How to Identify macOS Update History – Brian Van Peski

♻️Updates and Releases

• erase-install 29.1
• Outset 4.0 Alpha 3 (now hosted and signed on MacAdmins.io repo)
• Munki 6.2.1

🎧To Listen

• DuckDuckNo – Command-Control-Power
• webauthn and webauthn.io – Mac Admins Podcast

🎈Just for Fun

• Papercraft Models – Rocky Bergen
• 2023 M2 MacBook Pro Schematics – Basic Apple Guy

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Scripting OS X Weblog
• Weekly Email Newsletter (TinyLetter)
• Mastodon

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• macOS Terminal and Shell
• Moving to zsh
• Packaging for Apple Administrators