Sponsor
This issue of MacAdmins.news is brought to you by SimpleMDM, a powerful Apple MDM.
SimpleMDM is the ultimate mobile device management solution for managing and securing Apple devices at scale. With powerful configuration options and advanced features, including a hosted Munki integration and developer API, IT teams can achieve deep customization and workflow automation for real-time fleet visibility. Start your free 30-day trial today to unleash the full potential of your Apple devices.
📸 Focus
2024 iPads and M4
At the "Let Loose" event earlier this week, Apple introduced new iPads Air with 11" and 13" displays and new iPads Pro with the M4 chip.
They also made sure that everyone knows that Apple silicon chips are really great for "AI" and machine learning by repeating it over and over. Be prepared for a lot of this at WWDC.
The release of the M4 chip generation only a few months after the M3 chips is quite surprising (although it was predicted by Mark Gurman last week). The M4's benchmarks are quite impressive.
The iPad family (and all of Apple's major device families) now spans from the A14 (first released in 2020 with the iPhone 12) in the "plain" iPad 10th generation, over the A15 in the iPad mini and the M2 in the iPads Air, to the M4 in the iPad Pro. Apple seems quite comfortable continuing to use "older" chip generations in their low-end products.
Minor note: the boxes for the new iPads will no longer include Apple stickers. While I appreciate that most will just throw these in the trash and appreciate the reduction of waste, it does seem like the end of an era.
📰 News and Opinion
Why In-App Purchases Don't Work for the Enterprise
It’s kinda odd that on one end Apple is pushing devs to move to a subscription model but on the other end, that model is incompatible with Apple Business Management
Complaints about Apple's App Stores mainly focus on the 30% "tax" and the vagaries and inefficiencies of the review process. But the enterprise/education features (or lack thereof) are another area which has been tremendously neglected for years with no progress in sight.
The Apple Stores must be a significant fraction of Apple's Services revenue and profits, something which they are obviously paying a lot of attention to. The lack of progress here seems just baffling.
An incomplete list of skills senior engineers need, beyond coding
For varying levels of seniority, from senior, to staff, and beyond.
Older post, but new to me.
⚙️ Apple Updates
- Apple Platform Security: Welcome, Document revision history
🔐 Security and Privacy
Easy Root Privilege Escalation in Apple macOS Ventura, Sonoma, Monterey
A new local privilege escalation vulnerability has been discovered in macOS which could allow any user to escalate their privileges to root by mounting filesystems using “diskutil” command line utility.
macOS Cuckoo Stealer: Ensuring Detection and Defense as New Samples Rapidly Emerge
Since the initial report on the emergence of this family of malware on April 30, we have seen a rise in new samples and trojanized applications from the four originally reported by Kandji to 18 unique trojanized applications at the time of writing, with new samples appearing daily.
🔨 Support and Tutorials
Platform SSO for macOS: A Deep Dive into Configuration
This blog post will serve as your guide to configure & troubleshoot Platform SSO for macOS with Microsoft Entra ID.
Check for unpatched CVEs on Mac with Jamf Pro using SOFA
Here, I describe how to use an extension attribute script in Jamf Pro to show if there are any unpatched CVEs and if any of those are zero-day exploits.
Investigating unpatched CVEs with osquery and SOFA
Of course, my mind immediately jumped to “this would be a great osquery table”, so the macadmins osquery extension was updated this week to include tables for both the security release information for macOS (sofa_security_release_info) and unpatched CVEs (sofa_unpatched_cves).
Kandji Packages: Create and Update Custom Apps via API
building a workable solution on top of APIs can be a technically complex, time-intensive project. That’s why we’re excited to share two new open-source frameworks
Defining launch environment and library constraints | Apple Developer Documentation
You define launch environment and library constraints in constraint dictionaries that you either save in launchd property list files, or in separate property list files that you use in code signing.
How does Sonoma check an app before launch?
Most major versions of macOS bring changes to the checks made on apps before they can be launched, and Sonoma is no exception.
Fix for Safari crashing on macOS Sonoma when selecting Manage Website Data option
Instead Safari crashed.
🤖 Scripting and Automation
Flexli Workflows Preview
Flexli was designed from the ground up to enable highly customized API automation that could be templated and shared within IT communities.
Creating Static Computer Groups from Policy Failure Logs in Jamf Pro
the following multi-step process may help Jamf Pro administrators zero-in on policy failures.
Entra ID: macOS Picture Sync, maximizing User Experience Across Platforms
On a Windows computer, the user account picture is pulled from Entra and set as the user account picture, this does not happen natively on Mac.
♻️ Updates and Releases
Platform SSO for macOS now in public preview
Platform SSO for macOS is available in public preview with Microsoft Entra ID.
🎧 Listen
ACES Conference with Justin Esgar
Justin Esgar returns to the pod to tell us all about the upcoming ACES Conference in Salt Lake City!
Interview with Michael Thomsen of Origin84
Michael Thomsen, founder of Origin 84, sits down with us once again to have a long overdue conversation.
Layers and layers of security
Gary Orenstein from Bitwarden about their recent survey about using passwords across the industry.