macOS Patching Is Here!

In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt in, buy and operate a dedicated (and in many cases proprietary) Mac tool to help them patch all the vulnerabilities Qualys detects on those Mac devices.

As a result, many customers found themselves with a dedicated set of tools to patch their Windows devices and a new dedicated tool for their macOS devices. For some customers, Mac devices represent a much smaller number than their Windows devices, yet they are still required to buy and operate a proprietary patching tool for Mac.

Since we first introduced our Patch solution for Windows a few years ago, followed by our Linux patching addition, one of the most common types of feedback from our customers has concerned the simplicity and efficiency of having one solution to detect, prioritize, patch and automate remediation. Customers told us that using one solution not only to detect vulnerabilities but also to understand their risk and to respond to and remediate them efficiently saves them time and allows them to become significantly more secure.

In addition, in the past year and a half, since we introduced our smart automation feature, customers have been reporting significant efficiency gains from automation, which proactively remediates many of their vulnerabilities with no intervention from the remediation teams. The combination of automation and the ability to patch third-party applications easily allows our customers to respond quickly to the patches that those third-party applications release constantly. In fact, ¼ of our customers are using our smart automation to ensure their browsers are always up to date, i.e. as soon as Chrome releases a fix for a new zero-day, the Qualys agent will apply it. As one of our customers told us, “Our teams meet monthly to review data from our Qualys dashboards, and we hardly ever see high or severe vulnerabilities on the list because we’re shutting them down so quickly”.

With this new release, we are pleased to announce the General Availability (GA) of Qualys Patch Management for macOS.

With this new macOS release, we extend the same value proposition we offer our customers for Windows and Linux to the macOS platform. Customers can now use the same smart automation and remediation workflows used with their Windows devices to remediate vulnerabilities detected on their macOS devices. No need to use a proprietary tool just for Mac patching. The same Qualys Cloud Mac Agent that is currently used for vulnerability management can now be used to detect and install macOS patches as well as patches for third-party Mac applications. You can enable Patch Management on Mac agents in a single click, and you do not need to go through the never-ending approval process of installing one more agent. The lightweight Cloud Agent features industry-leading levels of platform coverage, meaning that your entire estate can be protected.

Feature Highlights

  • Qualys macOS cloud agent (Intel/M1/M2) now supports Mac patching.
  • Support for macOS patching as well as patching of third-party Mac applications. This includes supersedence.
  • Fully integrated with Qualys VMDR and the current patch management offering.
  • Support for smart automation, scheduling, reboot management, etc.

Similar to Windows Patching

As macOS patching mostly targets end-user devices, the supported workflows are as similar as possible to those of Windows patch management. In other words, if you are familiar with how Windows patching works, the macOS patching experience will be very familiar.

Mac patch jobs are very similar to Windows patch jobs and can be run on demand, at a scheduled time, or during a defined maintenance window. The Mac patch job can also be configured to control the reboot of the Mac device in case a reboot is needed.

Smart automation and our Zero Touch jobs can be created for Mac in a similar way to Windows.


The addition of Mac patching to Qualys Patch Management allows Qualys customers to detect, prioritize and remediate vulnerabilities on all major OSes (including third-party applications). Adding zero-touch automation further simplifies remediation, ensuring that the next time a zero-day fix is released for a browser app, all your Windows and Mac devices are automatically patched.

If you are a Qualys customer with agents deployed, starting a Patch Trial is very easy; your currently deployed agents can already patch Mac and Windows devices. Visit the start a trial page, and we will enable a trial license for you so your agents can start patching.

If you are interested in learning more about Qualys Patch Management, do not hesitate to reach out to sales. 

This post was first published on the Qualys Security Blog website by Eran Livne.