MacOS IOMobileFrameBuffer 0-day Audit

Discover Outdated MacOS Devices

Apple recently released a new version for MacOS Big Sur quickly after releasing the major version 11.5. The patch addresses an actively exploited 0-day vulnerability in the IOMobileFrameBuffer component listed as CVE-2021-30807. Apple mentions that the vulnerability allows an application to execute arbitrary code with kernel privileges.  Since the vulnerability is already being actively exploited, all MacOS devices should be updated as soon as possible.

The report below will help you with identifying all the Mac machines in your network and whether they are running version 11.5.1 or higher. With the added color-coding, you'll be able to easily spot and filter which ones are still out of date and need to be updated first.

MacOS IOMobileFrameBuffer 0-day Query

Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblMacOSInfo.SystemVersion,
Case
When tblMacOSInfo.SystemVersion Like '%11.5.1%' Then 'Safe'
When tblMacOSInfo.SystemVersion Like '%11.0%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%11.1%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%11.2%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%11.3%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%11.4%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%11.5%' Then 'Vulnerable'
When tblMacOSInfo.SystemVersion Like '%10.%' Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblMacOSInfo.SystemVersion Like '%11.5.1%' Then '#d4f4be'
When tblMacOSInfo.SystemVersion Like '%10.%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.0%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.1%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.2%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.3%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.4%' Then '#ffadad'
When tblMacOSInfo.SystemVersion Like '%11.5%' Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblMacOSInfo On tblAssets.AssetID = tblMacOSInfo.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblMacOSInfo.SystemVersion Not Like '%Server%' And tblAssetCustom.State =
1 And tsysAssetTypes.AssetTypename Like '%Mac%'
Order By tblAssets.Domain,
tblAssets.AssetName

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit