GrahamMay 3, 2024
Let's investigate what CVEs are unpatched on your macOS device with osquery and SOFA https://grahamgilbert.com/blog/2024/05/03/investigating-unpatched-cves-with-osquery-and-sofa/
Investigating unpatched CVEs with osquery and SOFA

This week, Mac Admins Open Source released a new tool called SOFA. SOFA is a machine readable feed of macOS and iOS update data - including CVEs. Of course, my mind immediately jumped to “this would be a great osquery table”, so the macadmins osquery extension was updated this week to include tables for both the security release information for macOS (sofa_security_release_info) and unpatched CVEs (sofa_unpatched_cves). In this post, I’ll show you how to use the new sofa_unpatched_cves table to investigate unpatched CVEs on your macOS fleet.

graham gilbert
Show threadAllister Banks
.@grahamgilbert I’ve been thinking Very Seriously about being a good shepard/API designer/host (well, @natewalck is helping out the most from that front) and am realizing… I’m not particularly in the best position to make all the best choices for every community use case! So I hope I’m communicating similarly openly and clearly and with empathy and rigor so we can be trustworthy and engage-able and reliable
May 3, 2024 at 9:16pmWeb