Security management is an important matter in the daily management of IT, we know that various versions of the system may have security holes, hackers may develop corresponding malware according to the security holes, endangering the safety of user data or illegal extortion. There have been heavyweight viruses like Panda Burning and WannaCry, which affected many industries such as finance, energy, and healthcare globally, causing a serious crisis to the security of the society and people’s livelihood.
Although there has not been a similar serious virus event on Mac, as long as there are system security holes, it is possible to be hacked or others to take advantage of the wrongdoing. Therefore, it is also necessary to know the OS version installed on the current user’s computer and the confirmed vulnerabilities of each version.
Once a firmware lock has been added to a Mac, any attempt to boot from a non-default system will result in the user being asked to enter the firmware password to gain access to the recovery partition, single-user mode, network boot, etc. This prevents others from accessing the Mac via single-user mode, which can be exploited by hackers or others. This prevents others from gaining full access to the computer and stealing important data by creating a new administrator or resetting the user account password through single-user mode or entering the recovery partition.
However, macOS 10.13.4 has a security vulnerability, even if the Mac has a firmware lock, the single-user mode is not protected by the firmware password, which means that users can easily enter the single-user mode. This was a risk for the security department, and it was up to the IT department to get the update and apply it to the affected endpoints in the first place.
Apple soon discovered the problem and promptly released an update to address the security vulnerability. The IT department needs to know exactly which devices are running the affected OS version, and issue the update in time to keep track of the installation status of the update. What can IT do with Jamf Pro?
Thanks to the very detailed inventory information of each terminal recorded in Jamf Pro, and the inventory information can be updated at regular intervals or at any time, administrators can quickly get all the devices that do not have the latest patch installed, make an update plan for these devices, and set up an update plan to upload the latest inventory information to Jamf Pro after the update is completed, so that administrators can keep abreast of the update dynamics, and thus achieve complete mastery of the status of the devices. The latest inventory information can be uploaded to Jamf Pro after the update is completed, so that administrators can keep abreast of the updates and have a complete overview of the status of the devices.