1.4 Ensure Installation of App Update Is Enabled

Information

Ensure that application updates are installed after they are available from Apple. These updates do not require reboots or admin privileges for end users.

Rationale:

Patches need to be applied in a timely manner to reduce the risk of vulnerabilities being exploited.

Impact:

Unpatched software may be exploited.

Solution

Perform the following to enable App Store updates to install automatically:
Graphical Method:

Open System Preferences

Select Software Updates

Select Advanced

Select Install app updates from the App Store

Terminal Method:
Run the following command to turn on App Store auto updating:

$ sudo /usr/bin/defaults write /Library/Preferences/com.apple.commerce AutoUpdate -bool TRUE

Note: This remediation requires a log out and log in to show in the GUI.
Profile Method:

Create or edit a configuration profile with the PayLoadType of com.apple.SoftwareUpdate

Add the key AutomaticallyInstallAppUpdates

Set the key to <true/>

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|RA-5, 800-53|SI-2, 800-53|SI-2(2), CSCv7|3.4, CSCv7|3.5

Plugin: Unix

Control ID: 521e0fef1c4ae04ba7796443379806c5f29f2b5851a0416f78708e7e92e848b4