Kandji helps secure Apple enterprise with Vulnerability Response
Briefly

Kandji introduced a tool, implemented as a policy within its MDM, that detects vulnerabilities in installed Mac applications by comparing them against Common Vulnerabilities and Exposures (CVE) data. Upon detecting a vulnerable app, it can patch it immediately, schedule the update according to the user's time zone, or simply log the issue. Apple has also extended Declarative Device Management (DDM) in upcoming macOS Tahoe versions to support installing application packages, which gives greater potential for automated device management.
Kandji's new tool is a policy within the MDM that checks installed Mac apps against the latest Common Vulnerabilities and Exposures (CVE) data.
If it detects a vulnerable app, the agent applies your predefined rule for that CVE's severity, including immediate patching or scheduling updates per time zone.
Apple has extended Declarative Device Management (DDM) in future versions of macOS Tahoe to include installing application packages, opening doors for enhanced device management.
The vulnerability detection and patching solutions rely on existing Kandji device management capabilities to collect app version info from managed devices.
Read at Computerworld