Security

moofPatch from Moof IT โ€“ Automatic Third-Party Application Patching for Macs

Moof IT
10.21.2021
Share

moofPatch is an automated solution that enforces updates for 3rd party applications on macOS. The service leverages the built-in capabilities of Jamf Pro, adding enforcement of updates for security compliance, whilst minimising user disruption via deferral options, smart logic for meeting room apps and clear feedback to the user when patching occurs.

All updates and Jamf related config are maintained by Moof IT, following a strict testing and release process that minimises the risk of disruption.

moofpatch Dark Mode moofpatch standard

Patching process

moofpatch_circle.png

The following process is either 14 or 28 days in duration, depending on your chosen patch cycle:

  1. On day 1 of the patching cycle, Moof will add available updates for all agreed applications to your Jamf Pro server

  2. On day 2, your pilot users will start to receive notifications that updates are available, including the date at which they will be enforced, if they choose to defer them

  3. On the agreed enforcement date, pilot users will have any available app updates enforced

  4. The following day, all remaining users will start to receive notifications that updates are available

  5. On the final enforcement day, all remaining users (that havenโ€™t chosen to run them already), will have the updates enforced on their Macs

Key features

Enforced app updates

All apps included in your moofPatch config are subject to enforced updates on the organisation Macs, ensuring the devices stay up to date with bug fixes and compliant with security accreditations.

Screenshot 2024-02-23 at 20.06.41.png

Pilot and standard user phased rollout approach

Update rollouts are phased with pilot users first, followed by your main Mac user group. This helps to ensure any more subtle bugs in specific app updates are detected before being deployed to all users.

14 or 28 day patching schedules

Your organisation has the option of enforcing either a 28-day or 14-day patching cycle, allowing you to adhere to any security accreditations that require a stricter patching frequency such as Cyber Essentials +.

Ad-hoc critical patch enforcement

In cases where a critical app update is identified, moofPatch allows the addition of ad-hoc updates being flagged as โ€œcriticalโ€. This enforces the installation of the update for the affected Mac within 24 hours, independently from the main patching cycle.

Please note that Moof are not responsible for monitoring devices for vulnerable software. Notification of a critical patch would need to be provided by your vulnerability management team.

If required, Moof are able to provide vulnerability management as a service, integrated with moofPatch for automatic addition of critical vulnerability patches.

Online meeting awareness

moofPatch is aware of meeting room software (including Zoom, Microsoft Teams, Webex & GoToMeeting) and detects whether a meeting is in progress. This allows you to run moofPatch safely on your devices knowing that it wonโ€™t enforce updates if a user is in an online meeting.

Pre-patching device check

To help ensure a smooth deployment of app updates, moofPatch automatically checks for power, network and disk space, flagging up any issues for review if required:

Screenshot 2024-02-23 at 21.11.46.png

Customisable patching deferral options

When moofPatch starts alerting users about pending software updates, they can be presented with a range of options including โ€œRun updates nowโ€, โ€œDefer for X amount of timeโ€ or โ€œDefer notifications until the enforcement timeโ€.

Automatic application closing

moofPatch is configured to automatically close any open apps before they are patched. This helps ensure that the overall update process is successful as possible and avoids application corruption. In these cases, users are notified and given a 5-minute countdown to allow them to save any open work: