Menu Close

macOS Ventura Rapid Security Response Extension Attribute

A Jamf Pro Extension Attribute to report the status of macOS Ventura’s new Rapid Security Response

Background

For a number of macOS versions, we’ve been reporting on the status of Install system data files and security updates.

macOS Monterey > System Preferences > Software Update > Advanced…

macOS Ventura introduces Rapid Security Response:

macOS 13 introduce a new mechanism to ship security fixes to users more frequently.

macOS Ventura > System Settings > General > Software Update > Automatic updates > Information (i)

Extension Attribute

The Extension Attribute below will report on the status of both the previous and latest versions of macOS.

#!/bin/sh
#####################################################################################
# A script to determine the status of the macOS Ventura 13 Rapid Security Response, #
# or "Install system data files and security updates" for earlier OSes.             #
#####################################################################################

result="Unknown"

cdiTest=$( /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist ConfigDataInstall 2>&1 )
case "${cdiTest}" in
    *"does not exist"   ) result="Enabled"  ;;
    0                   ) result="Disabled" ;;
    1                   ) result="Enabled"  ;;
esac

echo "<result>${result}</result>"

exit 0

Updates

31-Oct-2022

Thanks to Søren Theilgaard for pointing out that any Extension Attribute which reads a key / value pair inside of /Library/Managed Preferences/ is simply reporting back what a MDM Configuration Profile has already set, which is of little use.

On macOS 12, ConfigDataInstall lives inside of com.apple.SoftwareUpdate.plist and I was able to correct the code above.

On macOS 13, I can’t seem to find either ConfigDataInstall or allowRapidSecurityResponseInstallation in any com.apple.*.plist.

01-Nov-2022

The above Extension Attribute has been updated and another big thanks to Søren Theilgaard for confirming what we observed on closer inspection:

  1. The absence of the ConfigDataInstall key in /Library/Preferences/com.apple.SoftwareUpdate.plist indicates Rapid Security Response is enabled.
% /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist
{
    LastFullSuccessfulDate = "2022-11-01 09:47:23 +0000";
    LastSuccessfulDate = "2022-11-01 09:47:45 +0000";
    PrimaryLanguages =     (
        "en-US"
    );
}
  1. Only after Rapid Security Response is disabled does the ConfigDataInstall key in appear in com.apple.SoftwareUpdate.plist
% /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist
{
    ConfigDataInstall = 0;
    CriticalUpdateInstall = 0;
    LastFullSuccessfulDate = "2022-11-01 09:47:23 +0000";
    LastSuccessfulDate = "2022-11-01 09:47:45 +0000";
    PrimaryLanguages =     (
        "en-US"
    );
}
  1. The Extension Attribute does not need to differentiate between OS versions (i.e., 10, 11, 12, 13); the case statement was removed.
Posted in Extension Attributes, Jamf Pro, macOS, Scripts, Tips & Tricks

Related Posts