macOS security updates available Wednesday, Feb. 2

Dear Mac users,

 

WHAT ARE WE DOING?

Computing will be enabling security updates for Fermilab-owned centrally managed Macs running macOS Monterey v12, Big Sur v11, and Catalina v10.15.

For additional information about macOS updates, please see https://fermi.servicenowservices.com/kb_view.do?sysparm_article=KB0011722

WHEN WILL THIS OCCUR?

Wednesday, Feb. 2

WHAT IS THE IMPACT TO YOU?

Alerts announcing the availability of the security updates for manual installation will appear on your screen.

WHAT DO YOU NEED TO DO?

  • Proceed with the installation when the alert appears on your screen.
  • If an alert does not appear, you can check for updates manually by clicking “Software Update” in “System Preferences.”
  • If you do not receive the alerts and the security updates do not appear after the software update check, please contact the Service Desk for assistance.
  • If you use a Fermilab-owned centrally managed Mac running Big Sur or Monterey, as communicated on Jan. 31, the macOS updates notification software Nudge will be installed on your Mac on Feb. 9. You can start the security update by clicking the “Update Device” button in the Nudge notification window, which will launch “Software Update” in “System Preferences.” Deferrals are allowed until March 2, at which point the Nudge notification window will appear in front of all your open applications and you will not be able to close it to defer the update any further.
  • Automatic update installation on Macs running macOS Catalina will begin on March 2.

 

If you have customized the configuration of your Mac to allow incoming SSH:

  • Some updates from Apple may overwrite existing macOS system configuration files. This may cause a Mac with certain custom configurations to violate OS Baseline and be blocked from the network. macOS Catalina updates initiated through Jamf Self-Service will back up the existing SSHD configuration file and turn off remote login (inbound ssh). You will need to review the SSHD configuration file to ensure compliance before turning on remote login (inbound ssh).

 

If you use Apple’s built-in macOS software update to install Apple updates and have configured your Mac to allow incoming SSH:

  • It is recommended that you back up your SSHD configuration file and disable incoming SSH before installing the update.

 

For additional information about configuring Kerberos, SSH and SSHD, please see https://fermi.servicenowservices.com/kb_view.do?sysparm_article=KB0011294