1.1 Ensure All Apple-provided Software Is Current

Information

Software vendors release security patches and software updates for their products when security vulnerabilities are discovered. There is no simple way to complete this action without a network connection to an Apple software repository. Please ensure appropriate access for this control. This check is only for what Apple provides through software update.

Software updates should be run at minimum every 30 days. Run the following command to verify when software update was previously run: $ sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep -e LastFullSuccessfulDate. The response should be in the last 30 days (Example): LastFullSuccessfulDate = '2020-07-30 12:45:25 +0000';

Rationale:

It is important that these updates be applied in a timely manner to prevent unauthorized persons from exploiting the identified vulnerabilities.

Impact:

Missing patches can lead to more exploit opportunities.

Solution

Perform the following to install all available software updates:
Graphical Method:

Open System Preferences

Select Software Update

Select Show Updates

Select Update All

Terminal Method:
Run the following command to verify what packages need to be installed:

$ sudo /usr/sbin/softwareupdate -l

The output will include the following:
Software Update found the following new or updated software:
Run the following command to install all the packages that need to be updated:

$ sudo /usr/sbin/softwareupdate -i -a -R

Or run the following command to install individual packages:

$ sudo /usr/sbin/softwareupdate -i '<package name>'

example:

$ sudo /usr/sbin/softwareupdate -l
Software Update Tool

Finding available software
Software Update found the following new or updated software:
* iTunesX-12.8.2
iTunes (12.8.2), 273614K [recommended]

$ sudo /usr/sbin/softwareupdate -i 'iTunesX-12.8.2'
Software Update Tool


Downloaded iTunes
Installing iTunes
Done with iTunes
Done.

See Also

https://workbench.cisecurity.org/files/4000