nudge icon indicating copy to clipboard operation
nudge copied to clipboard

Published 20 hours ago verified publisher icon macadmins

Active CVE evaluation bug

Open rand0muser123 opened this issue 6 months ago • 0 comments

Test case : Manual command line trigger to emulate OS 14.1.2 with disableNudgeForStandardInstalls set to true

Current behaviour: In the logs I can see that it is assessing macOS version range for active exploits It then evaluates no known CVEs for 14.6.1 and acknowledge that disable NudgeForStandardInstalls is set to true It then terminates

Expected behaviour: In the logs I was expecting to see SOFA Actively Exploited CVEs: true and for Nudge to launch since there are CVEs in between and we have initiated the minorversionrecalculationthreshold - 15

Nudge Version: V2.0.10 Tested OS version - 14.1.2 Required OS version - latest-minor

Config

<key>optionalFeatures</key>
               <dict>
                   <key>acceptableApplicationBundleIDs</key>
                   <array/>
                   <key>acceptableAssertionApplicationNames</key>
                   <array/>
                   <key>acceptableAssertionUsage</key>
                   <false/>
                   <key>acceptableCameraUsage</key>
                   <false/>
                   <key>acceptableScreenSharingUsage</key>
                   <false/>
                   <key>aggressiveUserExperience</key>
                   <true/>
                   <key>aggressiveUserFullScreenExperience</key>
                   <true/>
                   <key>asynchronousSoftwareUpdate</key>
                   <true/>
                   <key>attemptToBlockApplicationLaunches</key>
                   <false/>
                   <key>attemptToFetchMajorUpgrade</key>
                   <true/>
                   <key>blockedApplicationBundleIDs</key>
                   <array/>
                   <key>utilizeSOFAFeed</key>
                   <true/>
                   <key>disableNudgeForStandardInstalls</key>
                   <true/>
                   <key>enforceMinorUpdates</key>
                   <true/>
                   <key>terminateApplicationsOnLaunch</key>
                   <false/>
               </dict> 
               <key>osVersionRequirements</key>
               <array>
                   <dict>
                       <key>aboutUpdateURL</key>
                       <string>https://apple.com</string>
                       <key>activelyExploitedCVEsMajorUpgradeSLA</key>
                       <integer>14</integer>
                       <key>activelyExploitedCVEsMinorUpdateSLA</key>
                       <integer>14</integer>
                       <key>nonActivelyExploitedCVEsMajorUpgradeSLA</key>
                       <integer>21</integer>
                       <key>nonActivelyExploitedCVEsMinorUpdateSLA</key>
                       <integer>21</integer>
                       <key>standardMajorUpgradeSLA</key>
                       <integer>28</integer>
                       <key>standardMinorupdateSLA</key>
                       <integer>28</integer>
                       <key>minorVersionRecalculationThreshold</key>
                       <integer>15</integer>
                       <key>majorUpgradeAppPath</key>
                       <string>/System/Library/PreferencePanes/Softwareupdate.prefpane</string>
                       <key>requiredMinimumOSVersion</key>
                       <string>latest-minor</string>
                       <key>targetedOSVersionsRule</key>
                       <string>default</string>
                   </dict>
               </array>

rand0muser123 avatar Aug 26 '24 00:08 rand0muser123