ZombieLoad attack and force updating macOS

10.14.5 was released today. At the same time came news of a brand-new vulnerability that can get low-level access to your Mac's memory. Well, not all Macs, but basically any Mac built in the last 10 years. But wait, there is more! The awesome thing about it is that it can be done when you are visiting a website.

Here is some more info about it -> https://zombieloadattack.com

This means I need to deal with this update quickly. We had a policy to delay updates, so we will need to rethink it.

 

Here is the plan of action for tomorrow:

 

First I would really like to thank my previous self and our team for setting up Jamf last year so we don’t need to run around now.

 

1. Smart group – Macs not upgraded to 10.14.5.

2. Policy – Create an APFS snapshot for rollback, just in case. Trigger the next policy.

3. Policy – Cache the macOS installer on the client machine.

4. Smart group – Macs that have finished caching the latest update package. Assign to the next policy.

5. Policy – give a popup every 4 hours to the users to save their work, close all apps and run the update. Let them know why we are doing this and that it might take 30 min.
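
A sketch of the script the step 2 policy could run, added here as an example and not taken from the original post: it re-checks the OS version on the client, takes the APFS snapshot, and only then fires the caching policy from step 3. The custom trigger name `cache_macos_installer` is hypothetical, and the script assumes the Jamf binary is at `/usr/local/bin/jamf`.

```shell
#!/bin/sh
# Added example: payload for the step 2 policy (snapshot, then hand off to step 3).
TARGET_VERSION="10.14.5"
NEXT_TRIGGER="cache_macos_installer"   # hypothetical custom trigger for the caching policy
JAMF_BIN="/usr/local/bin/jamf"         # assumed install path of the Jamf binary

# Succeeds (exit 0) when dotted version $1 is strictly lower than $2.
# Fields are compared numerically, so 10.14.10 is not treated as older than 10.14.5.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

snapshot_and_handoff() {
    current=$(sw_vers -productVersion)
    if ! version_lt "$current" "$TARGET_VERSION"; then
        echo "macOS $current already meets $TARGET_VERSION, nothing to do"
        return 0
    fi
    # Local APFS snapshot of the boot volume. macOS prunes local snapshots
    # on its own schedule, so this is a short-lived safety net, not a backup.
    if ! tmutil localsnapshot; then
        echo "snapshot failed, not triggering installer caching" >&2
        return 1
    fi
    # Chain to the caching policy only after the snapshot succeeded.
    "$JAMF_BIN" policy -event "$NEXT_TRIGGER"
}

# Run only on a Jamf-enrolled Mac; elsewhere the file just defines the functions.
if [ "$(uname -s)" = "Darwin" ] && [ -x "$JAMF_BIN" ]; then
    snapshot_and_handoff
fi
```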

 

I do have a few questions for you guys:

How are you dealing with urgent updates?

Where do you get your security news?

 

UPDATE – Created a follow-up article:

https://macadmins.co.il/2019/05/17/zombieloadattack-and-force-updating-macos-part-2/