Wednesday, June 7, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Networking

Addigy exposes RSR update gap in 25% of managed macOS devices

Researcher by Researcher
May 25, 2023
in Networking
0
Addigy exposes RSR update gap in 25% of managed macOS devices
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Addigy released a report that Apple RSR updates are not being deployed in about 25% of macOS devices within managed environments. Learn about the root cause of this Apple security issue and possible ways to mitigate it.

A macbook connected to a Logitech mouse.
Image: Wes Hicks/Unsplash

Addigy, makers of mobile device management software MDM Watchdog, released a report today stating that Apple Rapid Security Response updates are not being deployed in about 25% of macOS devices within managed environments.

Jump to:

Related articles

Support for these Microsoft enterprise products ends in 2023

Support for these Microsoft enterprise products ends in 2023

June 6, 2023
How to join a node to a Docker Swarm

How to join a node to a Docker Swarm

May 27, 2023

What are Rapid Security Response updates?

Rapid Security Response updates are a recent addition to Apple’s security update strategy for iPhone, iPad and Mac devices. These updates deliver essential security patches between regular software updates and ensure the swift delivery of security updates to devices that run on iOS, iPadOS and macOS.

While this strategy is billed to surpass the traditional software update process in terms of speed and efficiency, Addigy has found an unusual scenario that calls for concern.

What is the root cause of this Apple RSR updates issue?

In this latest discovery, Addigy noted that some macOS devices failed to apply the RSR update after an update was pushed, ending up in what the company labeled the “stuck state.”

Must-read security coverage

During Addigy’s research, the company discovered the implementation of RSR was not running as intended. Addigy identified that the MDM client binary becomes unresponsive after executing the OSUpdateScan command, causing it to stop communicating with the Apple MDM Framework. Consequently, the unresponsiveness of the MDM client on a device leads to delays in executing necessary MDM actions, potentially creating vulnerabilities and impacting device security.

It’s particularly concerning that MDM vendors have no way to identify which machines are not implementing the RSR updates unless they manually examine each device and enable the update. Relying on this manual approach shows that several MDM vendors were unprepared when Apple released the RSR updates a couple of weeks ago.

“Very few MDM vendors were prepared for RSR updates when it was released, and not many vendors have the additional capabilities for more granularly means of deploying the RSR process for users and devices,” Addigy founder and CEO Jason Dettbarn noted.

Who may be affected by this Apple security news?

Apple released its first and only batch of RSR updates early this month. The release was intended to be delivered for the latest versions of macOS, iOS and iPadOS. So by default, Apple devices running on the latest versions of these OSs are expected to be affected. However, according to Addigy’s research, this issue affects only a quarter of all MDM-managed macOS environments.

SEE: Gain support from TechRepublic’s macOS community forums.

As a result, all MDM vendors and Apple users running the latest macOS are advised to audit their environments to ensure the crucial RSR update is successfully deployed to every eligible device.

Possible implications for Apple MDM vendors

This news has many implications for MDM vendors. For instance, a recent Microsoft threat intelligence report showed how new attack vectors credited to QuaDream spyware makers exploited previously unknown vulnerabilities in Apple’s software; Apple MDM vendors will need to up their game to ensure security updates are not only applied correctly in the devices they manage but also on time.

In addition, customers rely on MDM vendors to ensure the security and integrity of their devices and data. By not implementing these RSR updates in a timely manner, users are left exposed to security risks that could compromise the integrity and privacy of their data.

If MDM vendors consistently fail to implement security updates, it can erode customer trust and confidence in their services, which could lead to reputational damage, loss of business and decreased customer loyalty.

Possible solutions to this Apple security problem

TechRepublic provides a list of six MDM solutions worth checking out. Three of the solutions included are Citrix Endpoint Management, Microsoft InTune and Jamf Pro.

Also, Addigy is introducing a new utility called MDM Watchdog to its customers in order to guarantee the successful implementation of RSR updates across all machines. MDM Watchdog is designed to monitor the MDM framework on devices and take corrective actions for devices that do not meet the required conditions.

In addition, MDM vendors can take these steps to resolve issues relating to updates not being correctly installed on macOS, iOS or iPadOS devices:

  • They can troubleshoot the problem by reviewing device configurations and MDM profiles to ensure the correct settings are in place.
  • They can verify network connectivity to ensure devices can access the update servers, check update logs for error messages and examine device storage capacity to ensure sufficient space for updates.

If the issue persists, MDM vendors can suggest restarting the devices or asking users to manually check for updates and install them.



Source link

Tags: AddigydevicesexposesgapmacOSManagedRSRupdate
Share76Tweet47

Related Posts

Support for these Microsoft enterprise products ends in 2023

Support for these Microsoft enterprise products ends in 2023

June 6, 2023
0

Image: Pixabay Microsoft has a policy that limits application support to ten years for most products without a defined lifecycle....

How to join a node to a Docker Swarm

How to join a node to a Docker Swarm

May 27, 2023
0

Jack Wallen shows you the steps of joining new nodes to a Docker Swarm as a worker and manager to...

What Is IBM Hybrid Cloud Mesh?

Gartner releases 4 trends that will impact enterprises in 2023

May 27, 2023
0

Image: metamorworks/Adobe Stock Enterprise infrastructure and operations teams will have to cope with economic and geopolitical pressures as they pivot...

Dell Reveals New Edge as-a-Service Portfolio, NativeEdge

Dell Reveals New Edge as-a-Service Portfolio, NativeEdge

May 24, 2023
0

Dell also zeroed in on zero trust and introduced a modular deployment service as part of its new edge offerings....

Dell’s Project Helix Is a Wide-Reaching Generative AI Service

Dell’s Project Helix Is a Wide-Reaching Generative AI Service

May 24, 2023
0

Dell and NVIDIA joined forces to put generative AI into the hands of Dell's software-as-a-service customers. Image: Yingyaipumi/Adobe Stock Project...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
Ransomware, DDoS see major upsurge led by upstart hacker group

DDoS attacks dominate and pretexting lead to BEC growth

June 7, 2023
Money20/20 Europe 2023: Day One TFT Roundup

Money20/20 Europe 2023: Day One TFT Roundup

June 7, 2023
Release date, price and more

Release date, price and more

June 7, 2023
CISA: North Korea-Backed Actors Using Maui Ransomware

North Korean Attackers Target Google Account Credentials

June 7, 2023

Recent Posts

Ransomware, DDoS see major upsurge led by upstart hacker group

DDoS attacks dominate and pretexting lead to BEC growth

June 7, 2023
Money20/20 Europe 2023: Day One TFT Roundup

Money20/20 Europe 2023: Day One TFT Roundup

June 7, 2023
Release date, price and more

Release date, price and more

June 7, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches Payments platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved