Automating OS updates can be an important part of OpSec. Here’s a quick script to enable automatic OS updates on MacOS:

See if Mac OS updates are installed by going to System Preferences > Software Updates > Advanced.

You want “Install MacOS updates” to be checked.

But you can also check this via the Command Line (when accessing remote devices via SSH, for example).

% sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate

You should see a plist that includes:

AutomaticallyInstallMacOSUpdates = 0;

To enable “Install MacOS updates”

% sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticallyInstallMacOSUpdates -boolean TRUE

And it should now be enabled, indicated by

AutomaticallyInstallMacOSUpdates = 1;

{
    AutomaticCheckEnabled = 1;
    AutomaticDownload = 1;
    AutomaticallyInstallMacOSUpdates = 1;
    LastAttemptBuildVersion = "12.1 (21C52)";
    LastAttemptSystemVersion = "12.1 (21C52)";
    LastBackgroundSuccessfulDate = "2022-01-25 15:33:22 +0000";
    LastFullSuccessfulDate = "2022-01-25 20:41:17 +0000";
    LastRecommendedMajorOSBundleIdentifier = "";
    LastRecommendedUpdatesAvailable = 0;
    LastResultCode = 2;
    LastSessionSuccessful = 1;
    LastSuccessfulDate = "2022-01-25 20:41:21 +0000";
    LastUpdatesAvailable = 0;
    PrimaryLanguages =     (
        "en-US",
        en
    );
    RecommendedUpdates =     (
    );
}

And also represented with a checkbox in the SoftwareUpdate GUI.

You can now run “softwareupdate” from the command line to update MacOS:

% sudo softwareupdate --install --os-only --restart

Now you can automate your script to remotely check (and enable) automatic software updates on MacOS.