New Apple macOS Big Sur Feature To Hamper Adware Operations

With macOS 11, also known as Big Sur, Apple has removed the ability to install macOS profile configurations from the command-line. ZDNet reports: This ability was previously a core feature of macOS' enterprise package, which allows system administrators to deploy new configurations company-wide via automated scripts. However, the ability to deploy a new profile config via the command-line has also been abused by malware gangs or adware strains, who used it because it was silent and didn't require any type of user interaction. Hackers or malware authors who gained access to Mac Deployment servers or who infected just one Mac, abused the command-line to deploy their own malicious configurations to hijack proxy settings, change default apps, and more.

As bad as that Trump Press Secretary

[NoMoreACs]

Msmash needs either some reading-comprehension lessons; or some truth-telling lessons.

TFS makes it sound like Apple just took the lazy Microsoft way-out and simply removed the feature in question. But a two-second glance at TFA reveals that Apple simply requires User Approval before a Profile is installed.

Not perfect; but no longer a "silent" operation, which is patently insecure.

I understand that it is SOP for /. Users not to RTFA; but that should not extend to Editors...

Re:

[rHBa]

I wouldn't accuse the editor of outright lying, he did just copy the lead line from TFA.

Laziness and/or selective editing sure...

Re: As bad as that Trump Press Secretary

[NoMoreACs]

Laziness and/or selective editing sure...

An awful lot of that "Selective Editing" (a/k/a "lying") around here, especially when the subject involves Apple.

I stick by my original statement; especially when that "Headline" was followed by several sentences of "details".

Re:

[rHBa]

The H1 and H2 did explain it better than the following paragraph that he chose to promote so I can't really argue with that...

Re: As bad as that Trump Press Secretary

[NoMoreACs]

The H1 and H2 did explain it better than the following paragraph that he chose to promote so I can't really argue with that...

I fail to see one word in TFS that would cause the casual reader to understand that Apple merely tightened-up an Enterprise-feature, rather than just removing it.

Re:

[rHBa]

I just tried to agree with you and you're still whinging!?!

Re:

[dfghjk]

They call them "editors" for a reason. They are expected to do more than simply copy.

Re:

[dfghjk]

The raging asshole barely beneath the surface.

Re:

[Paradise Pete]

Yes, it would have been better if the summary had included this bold and all-caps part of the article: "INSTALLING A MACOS PROFILE NOW REQUIRES USER INTERACTION". But perhaps the poster didn't see it as it's so easy to overlook...

Requiring user interaction is all well and good

[Viol8]

But if you're an admin who (in theory though huge Mac installations are rare) has loads of machines to update, you really dont want to have to visit each machine in person, or even worse talk the user through the install and listen to them screw it up. For all their faults MS realised that decades ago. Perhaps Apple should be concentrating on fixing the design faults that allow malware and adware to use this feature in the first place.

Re: Requiring user interaction is all well and goo

[gnasher719]

I think this is an excellent feature. Send an email first explaining whatâ(TM)s going on. Then push whatever the company wants to push, then find out who didnâ(TM)t accept it and why. There will be some percentage on holiday. But you will also identify a small percentage that is just too stupid to work in your company.

Re:

[theurge14]

MDM can manage macOS as well as iOS/Android/Windows, so an admin can use that to configure and update machines, supervised macOS don't require user interaction.