Security Update 2018-001 Changing UDID of Computers

ScottVV
Release Candidate Programs Tester

Hey Everyone,

I have a lab of late 2009 iMacs running 10.12.6, and I ran software updates on part of the lab. After running the updates, I noticed that I had duplicate records of some of the iMacs. I compared the old record to the new one and noticed the UDID for the device changed. The serial number, MAC address, and other hardware data was the same.

Today I installed updates on the remaining portion of the lab, about 10-15 computers. A couple of computers just had the security update. The rest had the security update plus an iTunes and Safari update. The two computers that installed just the 2018-001 security update both had their UDIDs changed. Some of the computers that installed the security update along with the other updates had their UDIDs change. Of course, some computers installed the security update along with the other updates just fine.

I looked at the old records for the duplicated computers and noticed the same thing as well. Computers that only installed the 2018-001 security update seemed to restart with new UDIDs. Computers that installed the security update with additional updates sometimes created a new UDID.

The computers run fine after the updates. They don't crash or have any other kind of problem. I'm just trying to figure out why the UDID is sometimes getting changed, and if there is anything I can do to prevent it, so I don't have to play whack-a-mole with duplicate computer records

10 REPLIES 10

blackholemac
Valued Contributor III

I don't know officially so this is only speculation as to why at best.

The fixes for Meltdown and Spectre though involve changes to the firmware and software that the processors use. It is entirely possible that the Security Update 2018-001 included fixes for those that may have monkeyed with the UDID. Again, I could be wrong, but it might well be the update itself causing it.

Feel free to let me know I'm totally off as I don't want to speculate something that I know nothing about.

m_donovan
Contributor III

I am seeing the same thing in our environment. I had not yet connected it to the update but will definitely do some digging now. Thanks for the info.

donmontalvo
Esteemed Contributor III

Anyone know if the 10.13.2 Combo Update is doing this? We haven't crossed the bridge yet, figured I'd check before.

--
https://donmontalvo.com

dmohs
Contributor

In my experience, Security Update 2017-002 on macOS 10.12.6 changed the UDID of all late 2009 iMacs.

ScottVV
Release Candidate Programs Tester

Yeah it looks like it's just late 2009 iMacs that are changing UDID's. I tried the security update on two labs of newer iMacs, mid 2017s and Mid 2011s, and non of the computers duplicated. I also tried on various laptops and didn't see an issue. We're releasing the update district wide today so I'll see what happens.

analog_kid
Contributor

Interestingly, I had the security update back in November (I think) cause all my late-2009 iMacs to lose trust with Jamf. Luckily, I don't have many of them.

analog_kid
Contributor

I just double-checked and it was the UDID that changed after that update (Security Update 2017-001).

claudiogardini
Contributor

@ScottVV How did your machines stay connected to your JSS? Usually with a new UUID they lose Connection. Did you manually re-enroll them?

ScottVV
Release Candidate Programs Tester

@claudiogardini We have a script on our computers that tries to connect to the JSS. If it can't the script will re-enroll the device. So the UDID get changed, the device loses JSS connection, and the script automatically re-enrolls the device.

claudiogardini
Contributor

I started messing around with a Script which updates the new UUID in the JSS without creating a new Computer Record. Unfortunately i haven't had the time to pursue the idea further. If anybody wants to use the Script please Test in a non production environment first!!

#!/bin/sh

jssurl="jssurl"
user="jssuser"
pass="jsspass"

#Getting UUID from local Machine
uuid=`system_profiler -detailLevel full SPHardwareDataType | grep "Hardware UUID" | cut -f2 -d : | sed 's/^ *//g'`
#Getting Serial Number
serialno=`system_profiler -detailLevel full SPHardwareDataType | grep "Serial Number (system)" | cut -f2 -d : | sed 's/^ *//g'`
#Getting JSS ID from Serial Number
id=`/usr/bin/curl -k -u $user:$pass "$jssurl/JSSResource/computers/serialnumber/$serialno" -X GET | xpath //computer/general/id | cut -f2 -d ">" | cut -f1 -d "<"`
#Getting UUID from JSS using Serial
jssuuid=`/usr/bin/curl -k -u $user:$pass "$jssurl/JSSResource/computers/serialnumber/$serialno" -X GET | xpath //computer/general/udid | cut -f2 -d ">" | cut -f1 -d "<"`
#Compare UUID and update if necessary
    if [ "${uuid}" != "${jssuuid}" ]; then
        echo "Updating UUID"
        #Update UUID
        curl -ku $user:$pass -H "Content-type: application/xml" -X PUT -d "<computer><general><udid>"$uuid"</udid></general></computer>" $jssurl/JSSResource/computers/id/$id
    else
        echo "Local and JSS-UUID matching. Exiting..."
    fi

exit 0