sw_vers -productVersion
import os
os.system('sw_vers -productVersion')
Or to grab the version of the OS you could import a function just for that:version = platform.mac_ver()
#!/usr/bin/python
import sys, urllib, json, platform
if len(sys.argv) > 1:
url = 'https://cve.circl.lu/api/search/apple/mac_os_x:{}'.format(sys.argv[1])
print([j['id'] for j in json.loads(urllib.urlopen(url).read().decode('utf-8'))])
else:
version = platform.mac_ver()
url = 'https://cve.circl.lu/api/search/apple/mac_os_x:{}'.format(version[0])
print([j['id'] for j in json.loads(urllib.urlopen(url).read().decode('utf-8'))])This can be found at https://github.com/krypted/maccvecheck
So what might I want to do with it next? Well, you can also read the index of an app using mdls, using the -name option and the kMDItemVersion attribute, as follows for iTunes:mdls -name kMDItemVersion /Applications/iTunes.appAnd then you can lookup that up in the CVE database as well:
curl https://cve.circl.lu/api/search/apple/itunes:12.5
Or to merge the version check and the cve check:
curl -s https://cve.circl.lu/api/search/apple/itunes:`mdls -name kMDItemVersion /Applications/iTunes.app | cut -d '"' -f2`
Ultimately, Apple has a number of products that are tracked in the cve database and a library of each could easily be built and parsed to produce all cve hits encountered on a Mac. Obviously, you might not want to trust some random site from Luxembourg (those Luxembourgians are troublesome after all) and you can do this directly against the zip from NIST or create your own microservice that responds similarly to this site.
The post Scripted Lookup Of CVEs For A Version of macOS appeared first on krypted.com.