Help

Security Update 2016-001 El Capitan & Security Update 2016-005 Yosemite

jasontucker
New Contributor

Posted on ‎09-02-2016 02:06 PM

I noticed in previous security updates someone has taken the time to start a thread about the matter and way to go about deploying it. Since I haven't seen that yet today I thought I'd start one to get the ball rolling.

0 Kudos
Reply
10 REPLIES 10

rderewianko
Valued Contributor II

Posted on ‎09-02-2016 02:10 PM

The build #'s for both 10.10.5 and 10.11.6 change after this security upgrade.
10.11.6 becomes: 15G1004
10.10.5 becomes: 14F1912
If you do a search for machines not these builds and apply your preferred method of updating to that you should get them all.

No official word on 10.9.5 yet.

0 Kudos
Reply

RobertHammen
Valued Contributor II

Posted on ‎09-02-2016 03:21 PM

This is what works for me for 10.11.6. For 10.10.5, use that + build 14F1912.

8d51374cf5d84011b6a752a21a4e48a3

0 Kudos
Reply

andyinindy
Contributor II

Posted on ‎09-02-2016 04:29 PM

@RobertHammen, do you know if the OS build number gets updated immediately after applying the update, or is a reboot needed?

0 Kudos
Reply

RobertHammen
Valued Contributor II

Posted on ‎09-02-2016 05:03 PM

@andyinindy I know that /System/Library/CoreServices/SystemVersion.plist gets updated immediately after the install. The relevant key (for /usr/bin/defaults read) is ProductBuildVersion

You might want to try running this on a Mac, then forcing a recon/inventory update before reboot, to see if it reports the new version before the restart. I think it will. Of course, most security updates tend to make the Macs unstable/unable to authenticate/potentially unable to open apps, so you should do a restart as part of the policy.

Manual package installer for 10.11.6: https://support.apple.com/kb/DL1891?viewlocale=en_US&locale=en_US
Manual package installer for 10.10.5: https://support.apple.com/kb/DL1890?viewlocale=en_US&locale=en_US

0 Kudos
Reply

andyinindy
Contributor II

Posted on ‎09-02-2016 05:20 PM

Thanks @RobertHammen, I verified that the build number gets updated if you recon after applying the update. Cheers!

--Andy

0 Kudos
Reply

milesleacy
Valued Contributor

Posted on ‎09-02-2016 08:58 PM

I know a lot of folks don't like the simple answers, but the pictured and/or the equivalent configuration profiles are the most reliable way to ensure all patches and updates are applied in a timely manner.

If your network has bandwidth issues, Caching Server is a wonderful thing.

92fafb105fc6409abb4bdffd70163a02

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎09-03-2016 12:45 PM

+1

Unless your client has a stringent change control process mandate that all changes be vetted and approved.

¯_(ツ)_/¯

--
https://donmontalvo.com
0 Kudos
Reply

milesleacy
Valued Contributor

Posted on ‎09-04-2016 09:27 PM

@donmontalvo True, but then educating the "keepers of the requirements" becomes a priority.

Apple devices and their associated operating systems are a closed system. The fully patched OS for the device in question is the starting point for vetting the org's chosen settings and 3rd party software. Participating in the Apple Developer Programs grants access to early builds of updates so the vetting team can vet ahead of time and lean on noncompliant 3rd party vendors to fix their software. I'll just leave this here so as not to continue to hijack this thread. I'm glad to discuss elsewhere.

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎09-04-2016 11:57 PM

I agree with all your points, including discussing elsewhere.

--
https://donmontalvo.com
0 Kudos
Reply