1.1 Verify all Apple-provided software is current

Information

Software vendors release security patches and software updates for their products when security vulnerabilities are discovered. There is no simple way to complete this action without a network connection to an Apple software repository. Please ensure appropriate access for this control. This check is only for what Apple provides through software update.

Software updates should be run at minimum every 30 days. Run the following command to verify when software update was previously run: $ sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep -e LastFullSuccessfulDate. The response should be in the last 30 days (Example): LastFullSuccessfulDate = "2020-07-30 12:45:25 +0000";

Rationale:

It is important that these updates be applied in a timely manner to prevent unauthorized persons from exploiting the identified vulnerabilities.

Impact:

Missing patches can lead to more exploit opportunities.

Solution

Perform the following to install all available software updates:
Graphical Method:

Open System Preferences

Select Software Update

Select Show Updates

Select Update All

Terminal Method:
Run the following command to verify what packages need to be installed:

$ sudo softwareupdate -l

The output will include the following:
Software Update found the following new or updated software:
Run the following command to install all the packages that need to be updated:

$ sudo softwareupdate -i -a

Or run the following command to install individual packages:

$ sudo softwareupdate -i '<package name>'

example:

$ sudo softwareupdate -l
Software Update Tool

Finding available software
Software Update found the following new or updated software:
* iTunesX-12.8.2
iTunes (12.8.2), 273614K [recommended]

$ sudo softwareupdate -i 'iTunesX-12.8.2'
Software Update Tool


Downloaded iTunes
Installing iTunes
Done with iTunes
Done.

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|RA-5, 800-53|SI-2, 800-53|SI-2(2), CSCv7|3.4, CSCv7|3.5

Plugin: Unix

Control ID: ab913c87008626298d4c3e72ebd55aaaf53ab1ea3afb83804e8f89ffe826b26b