Sponsor
This issue of MacAdmins.news is exclusively brought to you by Mosyle, where High-Quality Apple Management & Security is made Surprisingly Accessible.
After helping thousands of organizations to migrate from other solutions to Mosyle, we've gained a unique perspective of all the concerns companies face when evaluating the migration of their Apple Management & Security solution. Based on this extensive knowledge, we've created the most comprehensive Migration Program in the Apple’s Management & Security market, addressing the most critical technical, financial, and strategic considerations involved in this pivotal decision. Check our website for more details!
"This Time Last Week"
I am going off-topic for a moment. Please bear with me.
This time last week, while I was putting together this news summary, I was utterly distracted by a natural disaster unfolding in a place we used to call home. You have probably heard that the Los Angeles area was hit hard by two major and several smaller wildfires. This is very personal to me, since we lived in Altadena from 2010 to 2015. Altadena has been devastated by the Eaton fire. The house we used to own and live in is one of the several thousand that were lost.
We might have dodged this particular bullet. (Can you even say 'dodged' when you left nine years ago?) However, we still have many friends in the area who have lost their home or are otherwise affected. While pouring over the footage trying to determine which areas, restaurants, and stores were lost to fire, we tried to imagine how it would feel to fear about your home with everything in it. How would it feel when you learned for certain it was gone? Just imagining it was terrifying.
Our wonderful friends, Jessica and Jeff, aren't merely imagining any more. Their house, in which we have spent countless days and evenings sharing good food and drinks, talking and laughing while watching movies and playing board games, has burnt down. Jeff has shared some of their experiences:
Jess and Jeff have a GoFundMe to help them through the difficult times ahead.
There are at least two members of the MacAdmin community that have also lost their homes to these fires and they also have GoFundMe pages. Jeff and Adam actually met at the same hotel during the evacuation!
If you are able, please consider supporting these families as they rebuild what they have lost. I will be splitting up the sponsor income for this month among them and other local charities. Thank you!
⚙️ Apple Updates
- tvOS 18.2.1: About, no security notes
🔐 Security and Privacy
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions
Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel extensions.
Potential Stealer: Purrglar in Progress
This stealer, which we're calling Purrglar, focuses primarily on capturing Chrome and Exodus wallet-related files. What is most interesting is the use of the Security Framework APIs to query the macOS Keychain.
iMessage text gets recipient to disable phishing protection so they can be phished
“(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)”
🔨 Support and Tutorials
What's involved in getting a "modern" terminal setup?
My immediate reaction was “oh, getting a modern terminal experience isn’t that hard, you just need to….”, but the more I thought about it, the longer the “you just need to…” list got, and I kept thinking about more and more caveats.
How to Configure Jamf Pro SMTP with Google Authentication
Configure Jamf Pro to use Google Authentication for SMTP enhances security, ensures compliance, and simplifies management, all while aligning with Google’s modern authentication framework.
Unlocking Declarative Device Management (DDM) | JD Strong
(Updated post)
We will look at the available DDM profiles, how to create, deploy, and verify DDM profiles.
Activation Lock: How Apple Admins Can Manage It
You get the greatest control over Activation Lock when MDM is in place and the device is supervised from the very beginning of its lifecycle. This means you should use Apple Business Manager and Automated Device Enrollment whenever possible, and thoroughly check the settings configured in your MDM solution for how Activation Lock will be managed (or not)
Supporting Microsoft Active Directory Strong Certificate Mapping Requirements
how to update certificate settings in computer or mobile device configuration profiles to comply with Microsoft's Active Directory strong certificate mapping requirements.
From Huh to H.E.R.O
Matt Jerome on Jamf Tech Thoughts
At some point in your career as an Apple Admin, you’ve (most likely) inherited a Jamf instance and said either to yourself or out loud, “Huh, I wonder why they did that. I certainly wouldn’t do it that way”
🤖 Scripting and Automation
johncwelch/UTI-Listing
In the process of building my script to bridge PowerShell and Apple's Choose File AppleScript command, I realized I'd created a very large list of filename extensions/file types and Type Identifiers. So what the hell, may as well share it with folks.
Generating randomized long usernames for Jamf Pro standard user accounts
Rich Trouton on DerFlounder
One of the options available in Jamf Pro is creating user accounts which are specific to a Jamf Pro instance. These user accounts can be used for a variety of purposes, including service accounts and emergency use admin accounts for Jamf Pro’s failover functionality for SSO.
🎧 Listen
iMazing is Amazing
Ari from iMazing joins the podcast to talk about iMazing Profile Editor, a tool near and dear to Mac Admins for its wide understanding of the MDM Specification and ability to create signed profiles easily for distribution in the MDM of your choice.
The new rules for AI and encrypted messaging, with Mallory Knodel
The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up.
Mac mini M4 comes to the data center
Eric Bickford from MacWeb about their recent addition of the M4 Mac mini to their cloud hosting plans.
Unpacking Jamf AI — The revenge of Spicy Clippy
Learn as co-hosts Kat Garbis and Sean Rabbitt, Jamf’s Matt Benyo, Manager of AI Initiatives and David Pryce-Compson, Director of Data Sciences talk about Jamf’s AI program and strategy.