Privilege Management for Mac 21.2 Release Notes

April 13, 2021

New Features and Enhancements:

  • Allow message types configured for Password or Any authentication now support using Touch ID wherever password authentication for the current user alone Is sufficient.
  • Users can now create a reason message (allow or block) with a dropdown. Custom messages can be created in the dropdown.
  • Using sudo, users can now create a reason message (allow or block) with a dropdown. Custom messages can be created in the dropdown.
  • Implemented a workaround for an issue that caused multiple authentication prompts on systems running Big Sur.
  • Added a template to the Policy Editor to control the new Battery preference pane on systems running Big Sur.

You can not match on only the URI as other preference panes allow; the exact file path must be written, including the URI of system.preferences.

  • Added functionality to the CaptureConfig.app support tool to capture logs for the BIAdapter and PasswordSafe feature.

Issues Resolved:

  • Resolved an issue in which PMfM could cause the Keychain app to crash when changing certificate trust settings.
  • Resolved an issue in which authorization requests that came from a process on behalf of another process caused the plugin server to exit prematurely.
  • Resolved an issue in which defendpointd would hang when communicating with sudo. PMfM now handles chunked pieces of data better.
  • Resolved issue in which the SecurityAgent process occasionally transferred string data without a terminating NULL character, which resulted in some authorization requests not being successfully matched during PMfM rules processing, and log entries looking malformed.
  • Resolved issue in which the minimum supported versions were not listed in the relevant PLIST files. The minimum supported version is now displayed correctly as 10.14.
  • Resolved issue in which Xcode asked for administrator password for initial installation of simulators (on first start up). The associated rights are now controlled by PMfM via policy.
  • Resolved issue in which the Finder extension sometimes crashed when opening a context menu.
  • Resolved issue in which users were unable to install bundles which have restrictive ownership, restrictive permissions or both, such as Blender.app. Installed bundles are now owned by root:wheel, and the permissions of their contents are modified appropriately.
  • Hardened a daemon against sensitive information disclosure that could lead to privilege escalation.
  • Resolved issue in which installable and deletable actions were unable to match using file hash when the bundle was signed.
  • Resolved issue that incorrectly set the status flag of a bundle's com.apple.quarantine attribute, preventing the installation of the bundle into the /Applications directory.

Compatibility:

  • Privilege Management Policy Editor 21.2
  • Privilege Management ePO Extension 21.1
  • Privilege Management Cloud Adapter 21.2
  • BeyondInsight Adapter 21.2

If you have a business requirement to downgrade the Mac client, please first uninstall the currently installed version.

Supported Operating Systems:

  • macOS 11.0 Big Sur
  • macOS 10.15 Catalina
  • macOS 10.14 Mojave