A macbook connected to a Logitech mouse.
Image: Wes Hicks/Unsplash

Addigy, makers of mobile device management software MDM Watchdog, released a report today stating that Apple Rapid Security Response updates are not being deployed in about 25% of macOS devices within managed environments.

Jump to:

What are Rapid Security Response updates?

Rapid Security Response updates are a recent addition to Apple’s security update strategy for iPhone, iPad and Mac devices. These updates deliver essential security patches between regular software updates and ensure the swift delivery of security updates to devices that run on iOS, iPadOS and macOS.

While this strategy is billed to surpass the traditional software update process in terms of speed and efficiency, Addigy has found an unusual scenario that calls for concern.

What is the root cause of this Apple RSR updates issue?

In this latest discovery, Addigy noted that some macOS devices failed to apply the RSR update after an update was pushed, ending up in what the company labeled the “stuck state.”

During Addigy’s research, the company discovered the implementation of RSR was not running as intended. Addigy identified that the MDM client binary becomes unresponsive after executing the OSUpdateScan command, causing it to stop communicating with the Apple MDM Framework. Consequently, the unresponsiveness of the MDM client on a device leads to delays in executing necessary MDM actions, potentially creating vulnerabilities and impacting device security.

It’s particularly concerning that MDM vendors have no way to identify which machines are not implementing the RSR updates unless they manually examine each device and enable the update. Relying on this manual approach shows that several MDM vendors were unprepared when Apple released the RSR updates a couple of weeks ago.

“Very few MDM vendors were prepared for RSR updates when it was released, and not many vendors have the additional capabilities for more granularly means of deploying the RSR process for users and devices,” Addigy founder and CEO Jason Dettbarn noted.

Who may be affected by this Apple security news?

Apple released its first and only batch of RSR updates early this month. The release was intended to be delivered for the latest versions of macOS, iOS and iPadOS. So by default, Apple devices running on the latest versions of these OSs are expected to be affected. However, according to Addigy’s research, this issue affects only a quarter of all MDM-managed macOS environments.

SEE: Gain support from TechRepublic’s macOS community forums.

As a result, all MDM vendors and Apple users running the latest macOS are advised to audit their environments to ensure the crucial RSR update is successfully deployed to every eligible device.

Possible implications for Apple MDM vendors

This news has many implications for MDM vendors. For instance, a recent Microsoft threat intelligence report showed how new attack vectors credited to QuaDream spyware makers exploited previously unknown vulnerabilities in Apple’s software; Apple MDM vendors will need to up their game to ensure security updates are not only applied correctly in the devices they manage but also on time.

In addition, customers rely on MDM vendors to ensure the security and integrity of their devices and data. By not implementing these RSR updates in a timely manner, users are left exposed to security risks that could compromise the integrity and privacy of their data.

If MDM vendors consistently fail to implement security updates, it can erode customer trust and confidence in their services, which could lead to reputational damage, loss of business and decreased customer loyalty.

Possible solutions to this Apple security problem

TechRepublic provides a list of six MDM solutions worth checking out. Three of the solutions included are Citrix Endpoint Management, Microsoft InTune and Jamf Pro.

Also, Addigy is introducing a new utility called MDM Watchdog to its customers in order to guarantee the successful implementation of RSR updates across all machines. MDM Watchdog is designed to monitor the MDM framework on devices and take corrective actions for devices that do not meet the required conditions.

In addition, MDM vendors can take these steps to resolve issues relating to updates not being correctly installed on macOS, iOS or iPadOS devices:

  • They can troubleshoot the problem by reviewing device configurations and MDM profiles to ensure the correct settings are in place.
  • They can verify network connectivity to ensure devices can access the update servers, check update logs for error messages and examine device storage capacity to ensure sufficient space for updates.

If the issue persists, MDM vendors can suggest restarting the devices or asking users to manually check for updates and install them.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays