How to force SUS updates + safari vulnerability question

Question

Hello All,

I am sure most of you have dealt with this already - how have you handled the safari vulnerability?
https://support.apple.com/en-us/HT205033
some sites say it can give you access to root/admin without the need for credentials

understandably, my company is a touch fearful.

I have 70+ people on my network that have one of those versions of safari.
How can I force a safari update if they are all touching our SUS server?
Is an OS update the choice?
Ideally an automated process would be used as people are unable/unwilling to do the self install of an OS.

We can also ask that they check their App Store for updates but the issue there also is that the machines are registered to an admin @apple.com account with admin credentials.

What would you guys suggest?

thanks!

stevevalle · Answer

Software updates can be run remotely using terminal commands. For example:

softwareupdate --list

will give an output of all updates available on the computer. My output from this command is:

Finding available software
Software Update found the following new or updated software:
   * iTunesX-12.3
    iTunes (12.3), 238528K [recommended]
   * OSXUpd10.10.5-10.10.5
    OS X Update (10.10.5), 795798K [recommended] [restart]

I can install this update two ways.

softwareupdate --install --all

which will install both OS X and iTunes, or

softwareupdate --install iTunesX-12.3

to install iTunes only. Running this command gives me:

Software Update Tool
Copyright 2002-2012 Apple Inc.

Finding available software

Downloading iTunes
Downloaded iTunes
Installing iTunes
Done with iTunes
Done.

You can do this with a policy. Files and Processes > Execute command.

Assign to all users on a recurring Check-in Trigger.

Hope this helps!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded