oneiroi
05/02/2023, 9:50 AMos_version.version
in the application of the RSR, my query is, where might this be tracked ? I'll be looking at the os_version.build
though I am not certain this will change either, has anyone had the opportunity to review the RSR's introduced in macOS > 13.x (Ventura) as yet ? Many thanks!sudo softwareupdate -ai
Downloading macOS Security Response 13.3.1 (a)
Will be re-checking the os_version
table after application to see what (if anything) changes➜ ~ ~/osqueryi --line
Using a virtual database. Need help, type '.help'
osquery> select * from os_version;
name = macOS
version = 13.3.1
major = 13
minor = 3
patch = 1
build = 22E261
platform = darwin
platform_like = darwin
codename =
arch = arm64
Downloading: 100.00%
Downloaded: macOS Security Response 13.3.1 (a)
allister
05/02/2023, 11:23 AMseph
os_version
table. I wonder if we can expose that
osquery> SELECT * FROM os_version;
+-------+---------+-------+-------+-------+--------+----------+---------------+----------+-------+
| name | version | major | minor | patch | build | platform | platform_like | codename | arch |
+-------+---------+-------+-------+-------+--------+----------+---------------+----------+-------+
| macOS | 13.3.1 | 13 | 3 | 1 | 22E261 | darwin | darwin | | arm64 |
+-------+---------+-------+-------+-------+--------+----------+---------------+----------+-------+
/System/Library/CoreServices/SystemVersion.plist
sw_vers
is pulling fromgrahamgilbert
05/04/2023, 7:36 PMseph
oneiroi
07/12/2023, 1:57 PM/System/Library/CoreServices/SystemVersion.plist
or some other path ?
Additional to update this thread; please be aware that Apple have recalled the 13.4.1a update with 13.4.1b noted to be available "soon" seph
/System/Cryptexes/OS/System/Library/CoreServices/SystemVersion.plist
?oneiroi
07/12/2023, 2:01 PMseph
oneiroi
07/12/2023, 2:07 PMseph
oneiroi
07/12/2023, 2:08 PM<string>macOS</string>
<key>ProductUserVisibleVersion</key>
<string>13.4.1</string>
<key>ProductVersion</key>
<string>13.4.1</string>
(b)
is released for reasons Apple have opted to remove the patch that was implemented; it's insaneseph
oneiroi
07/12/2023, 2:14 PMseph
oneiroi
07/17/2023, 12:04 PMplist
table that uses `/System/Cryptexes/OS/System/Library/CoreServices/SystemVersion.plist`; though looks like this does not exist on macOS version 12.6.7 there is this plist file /System/Library/CoreServices/SystemVersion.plist
though sadly does not carry the ProductVersionExtra
was hoping to not need to introduce an IF
however seems that I may need to do so, as RSR's were introduced after 13.4.1 iirc thus to support both 12.6.x and 13.4.x versions in the query I don't see another approach, any thoughts on this ?seph
/System/Library/CoreServices/SystemVersion.plist
will never have the RSR. If the RSR is installed, /System/Cryptexes/OS/System/Library/CoreServices/SystemVersion.plist
will be correct. Or you could just use osquery 5.9.1, we declared it stable last night, but haven’t updated the web site.oneiroi
07/17/2023, 12:07 PMgrahamgilbert
07/17/2023, 3:11 PM