update the macOS up to date query, get actionable output (#360)
The new MQL gives you better output, showing which update is missing:

```
cnspec> parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates'] == empty
[failed] parse.plist.params.RecommendedUpdates == <ref>
  expected: == _
  actual:   [
    0: {
      Display Name: "macOS Sonoma 14.3.1"
      Display Version: "14.3.1"
      Identifier: "MSU_UPDATE_23D60_patch_14.3.1_minor"
      MobileSoftwareUpdate: true
      Product Key: "MSU_UPDATE_23D60_patch_14.3.1_minor"
    }
  ]
```

Instead of this output:

```
cnspec> command("softwareupdate -l").stderr.contains("No new software available.")
[failed] command.stderr.contains
  expected: == true
  actual:   false
```

Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
atomic111 authored Mar 1, 2024
1 parent 73f97f0 commit 2f09324
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/mondoo-macos-security.mql.yaml
Expand Up @@ -1257,7 +1257,7 @@ queries:
title: Ensure macOS is up to date
impact: 100
mql: |
command("softwareupdate -l").stderr.contains("No new software available.")
parse.plist('/Library/Preferences/com.apple.SoftwareUpdate.plist').params['RecommendedUpdates'] == empty
docs:
desc: |
By staying up to date on macOS patches, vulnerabilities in the macOS can be mitigated. An educated attacker can exploit known vulnerabilities when attempting to attain access or elevate privileges on a macOS.
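Review bot: On the replacement `mql` line, the check now depends on the contents of `/Library/Preferences/com.apple.SoftwareUpdate.plist` rather than on a fresh `softwareupdate -l` run, so it reports whatever was last written to that file and can pass on a host where the update scan has not run recently. Please confirm how `params['RecommendedUpdates'] == empty` evaluates when the key or the plist itself is absent. If that case passes, a host with no scan data would be reported as up to date at `impact: 100`. Consider stating the dependency on the last completed update scan in `docs.desc`, or adding an explicit existence check on the key so that missing data fails rather than passes.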