Security Update 2015-002 & mach_kernel file visibility

Standard

As posted by Tim Sutton, the installation of  “Security Update 2015-002” on a 10.8.5 or 10.9.5 Mac will leave the /mach_kernel file visible. That’s fine, until someone deletes the file & then can’t boot their Mac.

As ever, Rich Trouton has blogged a method to hide the file via Casper.

However, Rich does love an EA & I’m not so inclined therefore the following is an EA free method to achieve the same end.

Build Version

This Security Update changes the Build Version of the OS, as mentioned in here & as illustrated by Rich here in the same thread.

We can use that to create a Smart Group as shown below:

Screen Shot 2015-03-11 at 22.26.00

So the criteria is;

Operating System is 12F2501 or Operating System is 13F1066

The Policy

As mentioned by Tim in his post, Apple have a KB article on how to re-hide the mach_kernel file.

We can now create a Policy that is scoped to the Smart Group we created above, with a trigger of “Recurring Check-in” & an “Execution Frequency” of “Once per computer”

Screen Shot 2015-03-11 at 22.26.28We then add the below command take from the above linked Apple KB, in the “Execute Command” field under “Files andProcesses”

Screen Shot 2015-03-11 at 22.26.35

Click “Save” & we’re done.

6 thoughts on “Security Update 2015-002 & mach_kernel file visibility

  1. elvisizer

    Why not use an EA here? Both ways will definitely work, just curious why you’d go to the trouble of developing this just to avoid using an EA.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.