Mac Admins Podcast

Episode 424: Feeling Vulnerable with Arek and Matt

Aug 12, 2025
Arek Dreyer and Matt Day from Kandji share their insights on the evolving landscape of vulnerability management. They discuss the exciting innovations from Apple's recent WWDC, emphasizing security and user experience. Key topics include navigating risk assessments, the importance of flexibility in application updates, and the balance between innovation and simplicity in IT. They also explore community collaboration and the challenges of managing beta software, all while passionately advocating for effective vulnerability strategies.
INSIGHT

Automated Vulnerability Response

  • Kandji's vulnerability response links detected CVEs to automated update or blocking actions using their auto-app catalog.
  • Admins can choose per-severity policies to update immediately, schedule, or take no action for each vulnerability class.
ADVICE

Evaluate Risk Before Accepting It

  • Evaluate CVEs by severity, known exploitability, and exposure before deciding to accept risk or remediate.
  • Use temporary accept-risk windows (e.g., a quarter) and revisit them to meet compliance and reduce alert fatigue.
ADVICE

Don’t Patch System Binaries Yourself

  • For OS vulnerabilities, wait for Apple patches instead of attempting risky system modifications.
  • Treat OS updates as vendor-supplied fixes and avoid disabling protections like SIP to patch system binaries.