Addigy Reveals RSR Update Gap in 25% of Monitored macOS Devices

Addigy released a report showing that Apple’s RSR updates are not being installed on about 25% of macOS devices in managed environments.

Addigy, the makers of MDM Watchdog mobile device management software, released a report today saying that Apple’s Rapid Security Response updates are not installed on about 25% of macOS devices in managed environments.

What are Rapid Security Response updates?

Rapid Security Response updates are the latest additions to Apple’s security update strategy for iPhone, iPad and Mac devices. These updates provide essential security fixes between regular software updates and ensure that security updates are delivered quickly to devices running iOS, iPadOS, and macOS.

While this strategy outperforms the traditional software update process in terms of speed and efficiency, Addigy found an unusual scenario that causes concern.

What is the root cause of the problem with Apple RSR updates?

In this latest discovery, Addigy noted that some macOS devices failed to apply the RSR update after the update was pushed, leaving it in what the company called a “stuck state.”

During Addigy’s research, the company discovered that the RSR implementation was not running as planned. Addigy has determined that the MDM client binary is unresponsive after executing the OSUpdateScan command, causing it to stop communicating with the Apple MDM framework. Consequently, an unresponsive MDM client on a device can delay necessary MDM operations, which can create vulnerabilities and affect the security of the device.

Of particular concern is the inability of MDM vendors to identify which machines are not performing RSR updates unless they manually inspect individual devices and enable the update. Relying on this manual approach shows that several MDM vendors were unprepared when Apple released the RSR updates a few weeks ago.

“Very few MDM vendors were prepared for RSR updates when they came out, and not many vendors have additional options to deploy the RSR process more granularly for users and devices,” noted Addigy Founder and CEO Jason Dettbarn.

Who may be affected by this Apple security news?

Apple released its first and only RSR update package earlier this month. The release is intended for the latest versions of macOS, iOS and iPadOS. So, by default, Apple devices running the latest versions of these operating systems are expected to be affected. However, according to Addigy’s research, this problem affects only a quarter of all macOS environments managed by MDM.

As a result, all MDM vendors and Apple users running the latest macOS are advised to audit their environments to ensure that the key RSR update is successfully deployed on all eligible devices.
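
One way to run that audit over an MDM inventory export, separating devices that are merely pending from those matching the "stuck state" described above (no check-in since OSUpdateScan was acknowledged). This is an added example, not Addigy's or Apple's tooling; the field names, version strings, timestamps and serials are constructed assumptions.

```python
from datetime import datetime, timedelta

# All values below are constructed for illustration; the field names are
# assumptions and do not match any particular MDM vendor's export format.
BASE_VERSION = "0.0.0"        # placeholder: OS version the RSR applies to
RSR_SUFFIX = "(a)"            # placeholder: supplemental version of the RSR
NOW = datetime(2000, 1, 8, 12, 0)
GRACE = timedelta(hours=24)   # silence longer than this counts as unresponsive


def hours_ago(h):
    return NOW - timedelta(hours=h)


def dev(serial, os, extra, acked_h, seen_h):
    return {"serial": serial, "os": os, "extra": extra,
            "scan_acked": hours_ago(acked_h), "last_checkin": hours_ago(seen_h)}


INVENTORY = [
    dev("SAMPLE-01", "0.0.0", "(a)", 90, 1),   # RSR installed
    dev("SAMPLE-02", "0.0.0", "", 90, 90),     # silent since the scan
    dev("SAMPLE-03", "0.0.0", "", 3, 2),       # unpatched but still talking
    dev("SAMPLE-04", "0.0.0", "(a)", 90, 5),   # RSR installed
    dev("SAMPLE-05", "9.9.9", "", 90, 1),      # different OS, RSR not offered
]


def classify(d, now=NOW, grace=GRACE):
    if d["os"] != BASE_VERSION:
        return "not_eligible"
    if d["extra"] == RSR_SUFFIX:
        return "patched"
    # Eligible but unpatched. Flag the device as stuck only if it has not
    # checked in since it acknowledged OSUpdateScan and the grace period
    # has passed; otherwise the update may simply not have landed yet.
    no_checkin_since_scan = d["last_checkin"] <= d["scan_acked"]
    if no_checkin_since_scan and now - d["scan_acked"] > grace:
        return "stuck_suspect"
    return "pending"


def audit(inventory):
    report = {"not_eligible": [], "patched": [], "pending": [], "stuck_suspect": []}
    for d in inventory:
        report[classify(d)].append(d["serial"])
    eligible = len(inventory) - len(report["not_eligible"])
    unpatched = len(report["pending"]) + len(report["stuck_suspect"])
    # Share of eligible devices still missing the RSR.
    report["gap"] = unpatched / eligible if eligible else 0.0
    return report
```

Devices in `stuck_suspect` are the ones that need hands-on follow-up, since a silent MDM client will not report its own state.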

Potential implications for Apple MDM vendors

This news has several implications for MDM vendors. For example, a recent Microsoft threat intelligence report showed how new attack vectors work: QuaDream spyware makers exploited a previously unknown vulnerability in Apple’s software. Apple’s MDM vendors need to up their game to ensure that security updates are applied to the devices they manage not only correctly, but also on time.

Additionally, customers rely on MDM vendors to ensure the security and integrity of their devices and data. Failure to implement these RSR updates in a timely manner exposes users to security risks that may compromise the integrity and privacy of their data.

A consistent failure by MDM vendors to implement security updates can undermine customer confidence in their services, leading to reputational damage, lost business, and loss of customer loyalty.

Possible solutions for this Apple security issue

TechRepublic offers six MDM solutions worth checking out. Three of the solutions are Citrix Endpoint Management, Microsoft Intune and Jamf Pro.

Additionally, Addigy is introducing a new utility, MDM Watchdog, to its customers to guarantee the successful execution of RSR updates on all machines. The purpose of the MDM Watchdog is to monitor the MDM framework on devices and take corrective action on devices that do not meet the required criteria.

In addition, MDM vendors can take the following steps to resolve issues with improper installation of updates on macOS, iOS, or iPadOS devices:

  • They can troubleshoot by reviewing device configurations and MDM profiles to make sure the settings are correct.
  • They can check network connectivity to ensure devices can access update servers, check update logs for error messages, and check device storage capacity to ensure there is enough space for updates.

If the problem persists, MDM vendors may recommend rebooting devices or asking users to manually check for and install updates.