Customer Inspections Uncover a Quarter of macOS Devices Won’t Accept MDM Updates; Addigy Rolls out Watchdog Utility to Ensure All Machines Enable Patches
MIAMI, FL – May 24, 2023 – Addigy, a leading provider of Apple device management solutions, today announced that it has found that Apple Rapid Security Response (RSR) updates are not being deployed in up to 25 percent of macOS devices within managed environments. RSR is a mechanism that allows Apple to deliver security updates to macOS devices more quickly than traditional software updates.
Addigy’s clients have hundreds of thousands of macOS and iOS devices under management. Inspections of customer environments have definitively shown that some macOS devices end up in a ‘stuck state’ after an update is pushed, but the update is never implemented. More concerningly, there is no way for IT departments to know which machines are not implementing RSR updates without manually inspecting each machine and enabling the update, and this doesn’t just impact updates. Still, any MDM action on the device will also no longer be possible.
MDM commands and frameworks are increasingly used for device management and protection, so the health and responsiveness of the macOS MDM stack on the device is critical. Addigy discovered the RSR wasn’t being implemented after finding that the MDM client binary gets stuck after executing the OSUpdateScan command and stops communicating with the Apple MDM Framework that Addigy follows. If the MDM client on the device is unresponsive, necessary MDM actions are delayed, leading to potential security vulnerabilities in this critical RSR case.
Based on Addigy’s research, the issue is systemic and affects a quarter of all MDM-managed macOS environments. iOS and iPadOS devices do not seem to be affected by this. As a result, all MDM vendors and customers are encouraged to audit their environments to ensure the critical RSR update is making its way onto every eligible machine under management.
macOS and iOS devices are increasingly becoming the machines of choice for workers. Some proof points include:
- According to analyst research firm IDC, the penetration of Mac devices in the market is roughly 25 percent;
- Some of the world’s most innovative companies deploy Mac at scale, including Salesforce, SAP, and Target.
“Our customers are in the healthcare industry, which is highly regulated, and as a result, all of our machines must have the latest versions of any security software installed and running to prevent data leaks, intrusions, or other disruptive events,” said Dan Lowry, Sr. IT Administrator, Forian. “Our Apple-based end-points are critical to the trust our clients put in us and for our employees to be as productive as possible. We’ve been testing the Addigy MDM Watchdog Utility to ensure none of our machines miss applying an update. Only tools like Addigy can fix MDM when it’s in a broken state like this, as it’s entirely unresponsive.”
Addigy Implements MDM Watchdog Utility
To ensure all machines receive and implement RSR updates, Addigy is rolling out a new MDM Watchdog Utility to its customers. MDM Watchdog monitors the MDM framework on devices and automatically remediates those in which the condition was found. The Addigy MDM Watchdog feature will automatically monitor and ensure the devices are in a healthy state and communicating properly to ensure Updates and other critical MDM functionality operate when IT Admins need them, such as applying an emergency security patch like the RSR update.
“The stuck state condition we discovered within our customers’ environments affects one out of every four devices, so the impact to macOS environments in any enterprise is likely the same,” said Addigy CEO Jason Dettbarn. “We are committed to keeping our customers’ macOS devices secure. The MDM Watchdog Utility is a critical tool to ensure all of our customers’ devices are automatically updated with the latest RSR and every future update.”
The MDM Watchdog Utility is available now to all Addigy customers. Addigy will also release a MDM Watchdog Utility that is free to customers of all MDM vendors within the next three weeks.
To learn more about the MDM Watchdog utility, read the latest blog.
Escalate PR for Addigy