Safari 16.4.1 for macOS Monterey and Big Sur

sdagley
Esteemed Contributor II

Here are the direct Apple CDN download links for the Safari 16.4.1 update released today (2023-04-07) for macOS Monterey and Big Sur:

Monterey: https://swcdn.apple.com/content/downloads/13/10/032-71505-A_VXEPHZXHA7/cceqmuarwutena64ohro71ydpukpi...

Big Sur: http://swcdn.apple.com/content/downloads/47/23/032-72735-A_HUFOGBJPRZ/580izn9uc683ima5tc9fykya8lkbhk...

The macOS Ventura 13.3.1 update contains the Safari 16.4.1 update for macOS Ventura, and there is no standalone updater for it.

6 REPLIES 6

gabester
Contributor III

I just went to make a couple smart groups to get this done for my fleet to do an MDM Download and Install Updates push for devices that have checked in since yesterday. So... 

Iterated the smart group "macOS is Current" with the Operating System Version greater than 13.3 works correctly and shows me only Macs that have 13.3.1 installed. 

Iterated the smart group "Safari is Current" with the criteria Application Title is Safari AND Application Version matches regex ^(\d{3,}.*|[2-9]\d{1,}.*|1[7-9].*|16\.\d{2,}.*|16\.[5-9].*|16\.4\.\d{2,}.*|16\.4\.[2-9].*|16\.4\.1.*)$ - (as generated by the that Bill Smith bash script to match regex version number or higher for 16.4.1) but disappointingly it has ZERO members. Checked the Safari version on the 13.3.1 Macs already in my fleet - they're showing as only 16.4... sigh. (As an aside here why is Safari build version not yet a Jamf built-in attribute since Apple's repeatedly iterated just the Safari build without changing version number in the past for critical security updates? Yeah yeah I know I have made an EA to that myself... but for the purposes of this exercise let's say I'm stubborn and don't want to have to do that; indeed as it seems to be a critical part of getting Macs properly secured, that it should be included with Jamf Pro. Maybe I'll make a feature request... if someone else hasn't already... right after I get my fleet 100% patched.) 

Then I remember that my Macs' inventory has a Software Updates section, spot check a few Macs, and see that they're either showing Safari16.4.1BigSurAuto-16.4.1 or Safari16.4.1MontereyAuto-16.4.1 depending... but it takes me a little searching to figure out how to get those into criteria because there aren't obvious criteria choices like "Software Updates Available" or "Update Name"... I tried the less useful Number of Available Updates is 0 (zero) but that also resulted in no devices, and I already knew that I had some Macs running 13.3.1 so it should have at least shown them. Finally I discovered it, the criteria Available SWUs (we all know SWUs stands for SoftWareUpdates right?) 

I don't love this as a criteria for a group because not all my Macs are allowed to or successfully see software updates without some extra coaxing and effort... but it's better than nothing and it at least gives me the chance to get SOME of my straggling non-Ventura Macs updates. 

I usually use the "macOS/Safari is current" smart group as exclusions to a "Restricted Software" for Safari scoped to all computers... so for a variety of reasons the criteria of Available SWUs isn't great for that, and I'll end up having to fall back on that Safari Build EA once I figure out what the minimum version should be. 

How are the rest of you all dealing with the latest security updates? Hopefully comfortable enough to wait until Monday AM? 

AJPinto
Honored Contributor III

As usual, you are doing the work of Lord Jobs himself. Thank you for saving me from having to find this myself :P.

sdagley
Esteemed Contributor II

I think of it as a PSA since Apple doesn't provide KBs with installer links any more :-) 

This may be my last pre-Ventura update though as my entire active environment is now macOS 13.2.1 or later (modulo a small subset which should be updated by the end of the month). For anyone that wants to know where to find the pre-Ventura Safari update installer links - they can be found by downloading and scanning the contents of Apple's SUS catalog (https://swscan.apple.com/content/catalogs/others/index-13-12-10.16-10.15-10.14-10.13-10.12-10.11-10.... or by using @hjuutilainen 's SUS Inspector which does the downloading and scanning for you.

Mr_Meaves
New Contributor II

Are those supposed to be deployable packages as is, or should they be taken through a process first? Tried to deploy one and it shows it installed, but now the webpage keeps reloading when it attempts to go to any site.

sdagley
Esteemed Contributor II

Those packages should be deployable as is. Which version did you install, and on what version of macOS?

Mr_Meaves
New Contributor II

The monterey package to a device that had 12.6.3. It installed successfully, but then upon going to any website, it would constantly reload making the browser unusable. Ran the update to go to 12.6.5, still causing it. Cleared cache, tried disabling options in developer mode. Ran the installer again, it worked for about 5 minutes, then it went back to reloading constantly. Had this on 3 different computers. 1 the update to 12.6.5 fixed it, another updated to ventura to fix it, 3rd one isn't fixed, just switched user to Chrome.