Jamf Nation Community

jmahabeer · Thursday

Hello All,

We want to use superman to update our MacBook fleet but our higher ups want to make sure that this device is not malicious. Has anyone run into this before and point me to any confirmation that this software is not malicious. I know that many people use this to update MacBook fleet as Jamf built in software updates does not work on OS under 13 and asking users to update their devices never works.

Tonyyoung · Thursday

Super is an open source tool which makes use of other open source tools.
I would advise to have your internal security team review the script and the dependencies and additional installed items (IBM Notifier, mist-cli) and make the determination of whether they believe anything malicious is going on.
It's primarily just a extremely large script, plus launchdaemon. But yes, this is a question for your internal security team.

jtrant · Friday

As @Tonyyoung said you need to ask your security team for review/approval of the SUPER script and its dependencies.

Having said that, you shouldn't have Macs in production running Monterey or lower as these OSes are no longer being maintained by Apple.

geoff_widdowson · Friday

If it helps, you should take into account that the creator is Kevin M White.

https://www.amazon.co.uk/stores/Kevin-M.-White/author/B001ILMA6C?ref=sr_ntt_srch_lnk_1&qid=174318519...

Not only did he previously work at Apple but he literally wrote the book (mutiple in fact) on macOS that was used on the official Apple Support essentials course for many years.

BGhilardi · yesterday

This application is being promoted by Jamf through the marketplace, so I dare say Jamf checked before promoting this tool to ensure it doesn't run any malicious scripts.
IBM Notifier is simply an advanced notification tool, and mist-cli allows downloading macOS firmware from official Apple sources.
The SUPER script brings this entire ecosystem to life.

Jamf Nation Community

Using Superman to update MacBook Fleet in Jamf