Sponsor
This issue of MacAdmins.news is exclusively brought to you by Mosyle, where High-Quality Apple Management & Security is made Surprisingly Accessible.
After helping thousands of organizations to migrate from other solutions to Mosyle, we've gained a unique perspective of all the concerns companies face when evaluating the migration of their Apple Management & Security solution. Based on this extensive knowledge, we've created the most comprehensive Migration Program in the Apple’s Management & Security market, addressing the most critical technical, financial, and strategic considerations involved in this pivotal decision. Check our website for more details!
Release Week
Obviously, macOS Tahoe 26.0 and all the 26 platform updates were released this week. We can finally stop wondering which version number of iOS matches which macOS version number. At least for current or future releases. You still have to keep track of which iPhone came with which iOS version and the number for the CPU is yet another... But, small steps.
Mac admins have been busy with many posts directly relevant to the releases. Thanks to all!
📰 News and Opinion
Mac Admins Foundation Awards Final 2025 Conference Grants for MacSysAdmin
The Mac Admins Foundation is thrilled to announce the award of our final 2025 Community and Conference Grants for MacSysAdmin.
Prepping For Jnuc 2025
Tony Young on Patch Notes and Progress
This October, I’ll be heading to Denver, Colorado, for the Jamf Nation User Conference (JNUC 2025). It’s a week that brings together community, learning, and all things new with Jamf
⚙️ Apple Updates
Apple Platform updates for September 2025
I posted my link summary for all the update information earlier this week on Scripting OS X.
macOS Tahoe 26.0 is UNIX 03 certified
For those who care...
I have always wondered which important contract requires this, so that Apple renews this certification for every update... (and why this particular certification)
FileVault on macOS Tahoe uses iCloud Keychain to store its Recovery Key
In macOS 26 Tahoe, Apple has updated how it manages encryption keys in FileVault,
Swift 6.2 Released
From improved tooling and libraries to enhancements in concurrency and performance, Swift 6.2 delivers a broad set of features designed for real-world development at every layer of the software stack.
macOS 26.0 Tahoe build 25A354 is incompatible with Mac Studio M3 Ultra
If you have a Mac Studio M3 Ultra and want to upgrade it to run macOS 26.0 Tahoe, then I’m afraid you’re going to have wait for Apple to build a new release that will install on your Mac.
Apple is making MDM migration so much easier
migrating between services has always been challenging. That will change with the release of Apple’s upcoming operating systems, which should make it easier to move between MDM platforms
macOS 26: Seamless Apple Device Management Migration
For the first time, organizations can move iPhones, iPads, and Macs from one Mobile Device Management (MDM) solution to another—without wiping the device or resorting to complex, manual processes.
If your Mac says that it encountered an issue while starting
The recovery system in macOS Tahoe 26 or later includes Recovery Assistant, a utility designed to open automatically when your Mac has an issue that prevents startup. Recovery Assistant attempts to identify the issue and resolve it.
Customising folders in Tahoe
macOS 26 Tahoe has many smaller enhancements to make life easier. Among them is a novel way of customising folder icons, as explained here.
Managing Safari settings on macOS Tahoe using Blueprints in Jamf Pro
Rich Trouton on DerFlounder:
One of the management options Jamf Pro provides with Blueprints for macOS Tahoe is using DDM declarations to manage settings which can used by Apple’s Safari web browser.
Managing Safari bookmarks on macOS Tahoe using Blueprints in Jamf Pro
Rich Trouton on DerFlounder
One of the management options Jamf Pro provides with Blueprints for macOS Tahoe is using DDM declarations to manage the bookmarks which can used by Apple’s Safari web browser.
Managing the desktop widget setting on macOS Tahoe
Rich Trouton on DerFlounder:
Every so often, something gets added to macOS and enabled by default where I wish it was off by default. In macOS Tahoe, that’s the appearance of desktop widgets automatically on login.
FireWire support removed from macOS Tahoe
Rich Trouton on DerFlounder
As part of the release of macOS Tahoe 26.0, Apple has removed built-in support for FireWire devices from macOS.
Suppressing the FileVault screen with a configuration profile on macOS Tahoe
Rich Trouton on DerFlounder:
as of macOS Tahoe 26.0 is the Your Mac is Ready for FileVault screen, which asks if you want to enable FileVault if it is not already enabled.
You should be managing FileVault to be turned on at enrollment, but if you can’t, this might help.
🔐 Security and Privacy
Finding Vulnerabilities in Apple Packages at Scale
We’ve written about package vulnerabilities before, but let’s revisit why vulnerabilities in Apple-signed packages can be devastating.
How does Gatekeeper know if an executable is Notarized?
After Apple processes the request developers have two options: staple the resulting ticket to their executable or they can choose to not do this and rely on Gatekeeper to perform an internet lookup via the the com.apple.gk.ticket-delivery endpoint (… as we’ll see below). Gatekeeper’s use of this endpoint is our primary topic of conversation today.
Two Mobile Apps Leak User Credentials and PII Over Unencrypted HTTP
Two mobile apps available for download are leaking personally identifiable information.
From Spotlight to Apple Intelligence
Malicious Spotlight plugins can leak bytes from TCC-protected files. And while the core bug was publicly disclosed almost a decade ago, it's still present in macOS 26!
🔨 Support and Tutorials
How To Hold macOS User Identity in 2025
what does modern identity look like on macOS? More broadly, what does cloud managed identity look like on all endpoints for now and future?
Solving Dropbox Post-Install Issues with Installomator and Jamf Pro
Marriott Library - Apple Infrastructure
deploying Dropbox through Installomator in Jamf Pro presents a common challenge. One particular issue arises when it comes to handling the DropboxHelperInstaller and preventing constant administrator privilege prompts.
Continue To Sync Passwords with Jamf Connect and Jamf School · CantScript
if you’ve recently deployed Jamf Connect’s latest version while building a new Mac, you might have been confused to find that although the Login Window experience is what you expected, you know longer have the menu bar app and can’t find the app in your Applications folder either
🤖 Scripting and Automation
shell-heredoc
shell-heredoc is a VS Code extension that provides syntax highlighting within bash/shell heredocs based on the delimiter tag.
Set Account Pictures via Jamf Connect
Kyle Ericson on Jamf Tech Thoughts:
This guide will walk you through setting the local macOS account pictures for end-users via Jamf Connect
🎧 Listen
Adventures in Affiliate Limbo and the $37 Jackpot
the hosts discuss their patron-only content, focusing on tech insights they share for members. They delve into affiliate marketing with Amazon, highlighting successes and challenges.
Parallels Desktop 26 makes it easier for IT to deploy and manage virtual machines
Alex Patsay and Aleksandr Sursiakov from the team behind Parallels Desktop 26 as we talk about the latest features for end users and IT teams alike.
Flashcast 16: Awe Dropping
Apple’s released a gaggle of new hardware today. What’s on the release list? What do we make of the new models? Let’s dive in and figure it out.
Jamf After Dark: What to Expect at JNUC 2025 in Denver
Jeff Ovik and Kelsey Dahl — Senior Event Specialists at Jamf — to talk about the upcoming Jamf Nation User Conference