Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix autoupdate_managed table value for MacOS 15 #1862

Merged
merged 2 commits into from
Sep 12, 2024
Merged

Fix autoupdate_managed table value for MacOS 15 #1862

merged 2 commits into from
Sep 12, 2024

Conversation

Micah-Kolide
Copy link
Contributor

In MacOS 15 Sequoia the SoftwareUpdate private framework has been updated and the autoupdate_managed value was no longer being detected for our kolide_macos_software_update table. After decompiling the framework it became clear what needed to change, but I was able to verify this change after we got a MDM profile on my laptop.

I've attached 4 photos of the decompiled framework (the first two are from MacOS 14 and the last two are from MacOS 15).
Screenshot 2024-09-11 at 3 39 52 PM
Screenshot 2024-09-11 at 4 04 10 PM
Screenshot 2024-09-11 at 3 41 48 PM
Screenshot 2024-09-11 at 4 04 23 PM
In these images we can see that the isMacOSAutoUpdateManaged and isAutomaticallyCheckForUpdatesManaged performed the exact same operation in the older version of the framework, but in the newest version it seems that isAutomaticallyCheckForUpdatesManaged has been deprecated.

Here is the result after updating to use isMacOSAutoUpdateManaged with a managed device:
Screenshot 2024-09-11 at 3 57 22 PM
Here is the result on my device without a profile to manage the autoupdates:

osquery> SELECT * FROM kolide_macos_software_update;
             autoupdate_managed = 0
             autoupdate_enabled = 1
                       download = 1
                    app_updates = 1
                     os_updates = 0
               critical_updates = 1
last_successful_check_timestamp = 1726030905

directionless
directionless approved these changes Sep 12, 2024
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm game to try this -- when it merges to nightly, let's make sure we test it on the nightly machines. (And maybe even push it to alpha)

@directionless directionless added this pull request to the merge queue Sep 12, 2024
Merged via the queue into main with commit a0fa235 Sep 12, 2024
30 checks passed
@directionless directionless deleted the micah/update_macos_autoupdate_managed branch September 12, 2024 01:13
@RebeccaMahany RebeccaMahany added the component:table Table Changes label Sep 12, 2024
@James-Pickett James-Pickett mentioned this pull request Sep 12, 2024
Merged
RebeccaMahany added a commit to RebeccaMahany/launcher that referenced this pull request Sep 13, 2024
@RebeccaMahany
Proof-of-concept for Windows Hello
31ec463 
desktop triggers Windows Hello

Fix timeout, small refactor

Tidy up names, add documentation

Retrieve key credential status

Retrieve pubkey

Get attestation

windows arm64 fixes, upgrade winio and thrift (kolide#1858)

Fix `autoupdate_managed` table value for MacOS 15 (kolide#1862)

james/remove wmi unneeded releases (kolide#1863)

Check windows service manager settings prior to setting them (kolide#1859)

Co-authored-by: Michael <[email protected]>
Co-authored-by: seph <[email protected]>
Co-authored-by: Rebecca Mahany-Horton <[email protected]>

Update function signature

Move to ee
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless approved these changes

Assignees
No one assigned
Labels
component:table Table Changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Micah-Kolide @directionless @RebeccaMahany