mondoo-macos-vulnerability.mql.yaml
forked from mondoohq/cnspec-policies

# Copyright (c) Mondoo, Inc.
# SPDX-License-Identifier: BUSL-1.1

policies:
  - uid: mondoo-macos-vulnerability
    name: macOS Vulnerability Policy
    version: 1.1.0
    license: BUSL-1.1
    tags:
      mondoo.com/category: security
      mondoo.com/platform: macos
    authors:
      - name: Mondoo, Inc
        email: [email protected]
    docs:
      desc: |
        ## Overview

        Mondoo macOS Vulnerability Policy checks for macOS vulnerabilities. It should be used in combination with the macOS Security Policy.

        ### Run policy

        To run this policy against a macOS system:

        ```bash
        cnspec scan local -f core/mondoo-macos-vulnerability.mql.yaml
        ```

        ## Join the community!

        Our goal is to build policies that are simple to deploy, accurate, and actionable.

        If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
    groups:
      - title: macOS Vulnerabilities
        filters: |
          asset.platform == "macos"
        checks:
          - uid: mondoo-macos-vulnerability-CVE-2023-32434
queries:
  - uid: mondoo-macos-vulnerability-CVE-2023-32434
    title: Ensure macOS Kernel Code Execution Vulnerability CVE-2023-32434 is not on the system
    impact: 100
    mql: |
      // Split the product version (e.g. "12.6.7") into its components
      version = asset.version.split('.')
      // For each supported major version, compare the "minor.patch" part
      // against the first release that ships the fix for CVE-2023-32434
      if (version[0] == 11) {
        minor = version[1] + "." + version[2]
        minor >= 7.8
      } else if (version[0] == 12) {
        minor = version[1] + "." + version[2]
        minor >= 6.7
      } else if (version[0] == 13) {
        minor = version[1] + "." + version[2]
        minor >= 4.1
      }
    docs:
      desc: |
        Without the latest update, an app may be able to execute arbitrary code with kernel privileges. This issue may have been actively exploited. The update addresses an integer overflow with improved input validation.
      audit: |
        ```bash
        softwareupdate --list
        Software Update Tool

        Finding available software
        Software Update found the following new or updated software:
        * Label: Safari16.5.1MontereyAuto-16.5.1
            Title: Safari, Version: 16.5.1, Size: 136580KiB, Recommended: YES,
        * Label: macOS Monterey 12.6.7-21G651
            Title: macOS Monterey 12.6.7, Version: 12.6.7, Size: 2870691K, Recommended: YES, Action: restart,
        ```
      remediation: |
        Please update your macOS installation. To install all available updates, run:

        ```bash
        softwareupdate -i -a
        ```

        You can also install individual updates by using the update label:

        ```bash
        softwareupdate --install 'macOS Monterey 12.6.7-21G651'
        ```

        More information can be found at [https://support.apple.com/en-us/HT201222](https://support.apple.com/en-us/HT201222).
    refs:
      - url: https://nvd.nist.gov/vuln/detail/CVE-2023-32434
        title: CVE-2023-32434
      - url: https://support.apple.com/en-us/HT213809
        title: macOS Big Sur 11.7.8
      - url: https://support.apple.com/en-us/HT213810
        title: macOS Monterey 12.6.7
      - url: https://support.apple.com/en-us/HT213813
        title: macOS Ventura 13.4.1
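The same "is this build at or above the first fixed release" decision that the policy's MQL expresses, written as an added Python example (not part of the policy or of cnspec) for anyone reproducing the check outside cnspec: version components are compared as integer tuples, so a patch level such as 12.6.10 correctly sorts after 12.6.7 and a two-component version such as 13.4 is handled; the fixed releases come from the policy's refs, while FIXED_RELEASES, parse_version and is_patched are names chosen here.

```python
"""Decide whether a macOS productVersion already carries the fix for
CVE-2023-32434 (added example; not part of the cnspec policy)."""
from typing import Optional, Tuple

# First fixed release per major version, as listed in the policy's refs.
FIXED_RELEASES = {
    11: (11, 7, 8),   # macOS Big Sur 11.7.8   (HT213809)
    12: (12, 6, 7),   # macOS Monterey 12.6.7  (HT213810)
    13: (13, 4, 1),   # macOS Ventura 13.4.1   (HT213813)
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '12.6.10' into (12, 6, 10); a missing patch level counts as 0.

    Tuples of ints compare component-wise, which avoids the trap where the
    string or float '6.10' sorts below '6.7'.
    """
    nums = [int(part) for part in text.strip().split(".")]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_patched(product_version: str) -> Optional[bool]:
    """True if the fix is present, False if the build is older than the
    fixed release, None if the major version is outside the policy's scope
    (for example 10.x or 14.x), so the caller can report 'not assessed'
    rather than silently passing."""
    ver = parse_version(product_version)
    fixed = FIXED_RELEASES.get(ver[0])
    if fixed is None:
        return None
    return ver >= fixed


if __name__ == "__main__":
    # Constructed sample values in the format `sw_vers -productVersion` prints.
    for sample in ("12.6.7", "12.6.10", "12.6.6", "13.4", "13.4.1", "14.0"):
        print(sample, is_patched(sample))
```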