Information
Software vendors release security patches and software updates for their products when security vulnerabilities are discovered. There is no simple way to complete this action without a network connection to an Apple software repository. Please ensure appropriate access for this control. This check is only for what Apple provides through software update.
Software updates should be run at minimum every 30 days. Run the following command to verify when software update was previously run: $ /usr/bin/sudo /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep -e LastFullSuccessfulDate The response should be in the last 30 days (
Example
): LastFullSuccessfulDate = "2020-07-30 12:45:25 +0000";
It is important that these updates be applied in a timely manner to prevent unauthorized persons from exploiting the identified vulnerabilities.
Solution
Graphical Method:
Perform the following steps to install all available software updates:
- Open System Preferences
- Select Software Update
- Select Show Updates
- Select Update All
Terminal Method:
Run the following command to verify what packages need to be installed:
$ /usr/bin/sudo /usr/sbin/softwareupdate -l
The output will include the following: Software Update found the following new or updated software:
Run the following command to install all the packages that need to be updated:
To install all updates runthe command:
$ /usr/bin/sudo /usr/sbin/softwareupdate -i -a
Or run the following command to install individual packages:
$ /usr/bin/sudo /usr/sbin/softwareupdate -i '<package name>'
Note: If one of the software updates listed includes Action: restart then you must attach the -R flag to force a system restart. If the system update is complete but no restart occurs, then the system is in an unknown state that requires a future restart. It is advised to run updates and forced restarts during system downtime and not while in active use.
example:
$ /usr/bin/sudo /usr/sbin/softwareupdate -l
Software Update Tool
Finding available software
Software Update found the following new or updated software:
* Label: ProVideoFormats-2.2.7
Title: Pro Video Formats, Version: 2.2.7, Size: 9693KiB, Recommended: YES,
* Label: Command Line Tools for Xcode-15.0
Title: Command Line Tools for Xcode, Version: 15.0, Size: 721962KiB, Recommended: YES,
$ /usr/bin/sudo /usr/sbin/softwareupdate -i 'ProVideoFormats-2.2.7'
Software Update Tool
Finding available software
Attempting to quit apps: (
"com.apple.Compressor"
)
Waiting for user to quit any relevant apps
Successfully quit all apps
Downloaded Pro Video Formats
Installing Pro Video Formats
Done with Pro Video Formats
Done.
In the above example, if a restart was required, the command to remediate would be /usr/bin/sudo /usr/sbin/softwareupdate -i 'ProVideoFormats-2.2.7' -R
Impact:
Installation of updates can be disruptive to users, especially if a restart is required. Major updates need to be applied after creating an organizational patch policy. It is also advised to run updates and forced restarts during system downtime and not while in active use.