You do not have to be running Sonoma to get security patches. Ventura and Monterrey are both receiving security updates.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Configurator Issue Will Be Fixed in Future macOS Sonoma Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
Apple does not promise to patch all security holes in any version of the O/S except the latest. Even their own security document calls that out:
Code:
The most recent versions of Apple operating systems are the most secureSystem security overview
Apple maximizes its operating system security without affecting usability—from boot-up, to software updates, to the online operating of the operating system.
support.apple.com
While Apple does patch older O/S for some security issues, some security patches may never be patches do to changes in the O/S.
My thoughts exactly, not too many people should have discovered this the hard way. Does make me wonder how much they test it anymore though. Kind of a big one to slip through until final release.
Most OS are "stable" in August the following year of release, as they then transition to the next beta sold as final on their also beta sold as final products.No one should be running Sonoma until at least the 14.3 release.
Here is the problem about saying you should wait until .3 release. Apple does not give us Mac Admins the ability to block updates for any longer than 90 Days. So 90 Days after 9/26/2023 is Dec. 25th, 2023 (Merry Christmas to all Mac Admins!) As of that date, regardless of the software deferrals I have deployed, users will be able to freely download and install macOS Sonoma on their box. And, what is worse, is they will see 14.0, not what ever is the latest release is the current.
And, I take it you have never dealt with End Users. Some see the nice shiny upgrade badge and go straight for it. Once the update is available, they will update. Others ignore badges like they are poison. For minor updates I have use a 3rd party tool to encourage (i.e. force) my users to update.
Apple swears that they have FINALLY fixed managed software updates in Sonoma. We will see.
You are aware that it is not possible to block the upgrade more than 90 days? And since Apple have a hard time deciding what is a "major" or a "minor" update (yes, some .X-updates are considered major), blocking "major" updates for 90 days is not a viable solution unless you want your fleet to go without important security updates.
And "deploying" is not really how you do it anymore, I guess you don't work with managing macs at all and so, your opinion doesn't really have any validity.
If only there was an advanced 'network' solution that makes this concern nothing more than a tell that there are knowledge gaps here...
Oh wait, there is, it is called "content caching" and it is built into every mac - so that ONE download can serve EVERY device. I even do it on my home network with a 2014 mac mini.
Bringing an iPad to be plugged into a mac to update apps via configurator to 'save bandwidth' would be the most idiotic policy ever.
I am intrigued where you get the .ipa files you mentioned using though and keep them updated. But also wonder if it actually helps to re-download a new version of, say, a 2GB game when the delta update might only be 100MB and so you'd have to have 20 devices to 'break even' on that update...
You can go on and live your life your way while I do the same.
Meanwhile most of the apps that I use have a much smaller size downloading via configurator than the app store on iOS.
For example, USAA 9.16.3.ipa is 146.1 MB via configurator while app store is 163.1 MB.
Mario Kart 3.4.1.ipa is 191.5 MB vs 231.1 MB.
Night Sky 12.0.1.ipa is 699.3 MB vs 1.1 GB.
Even apps from Apple are the same:
iMovie 3002.ipa is 580.2 MB vs 693 MB.
Clips 3.1.5.ipa is 182 MB vs 222.7 MB.
I understand delta updates, perhaps you are thinking of iOS updates and not apps.
Another difference is that I get to keep the ipa files instead of at the mercy of the app store.
Last edited:
You have "proven" your personal situation. Obviously, if someone likes to spend time on complicated software management, it can be an advantage. But I guess there are just not that many people who would prefer that to a decent internet connection. I can therefore understand that it is not a priority for Apple.
Still unnecessary and I have clearly proven that your assumption is wrong.
Again, the ipa from Configurator are far smaller in file size.
Sorry if this appears combative in text, but perhaps make sure you're correct before you suggest someone is wrong? Apps also have delta updates - Reduce the size of app updates
Perhaps you shall look up the apps that I have already mentioned.
I even went the length of looking up the file size and app version number for a clear picture.
Evidently, the app developers were not doing the delta including Apple FFS.
I'm curious how you looked up the size of updating - for example - Night Sky from 12 to 12.0.1 on an iOS device.
It looks like you're measuring the size of downloading the full app - as you would do from scratch, or using configurator - rather than considering the point of delta updates that much of the app is already downloaded.
