Discover Safari Installations Vulnerable to The Latest Zero-Day Vulnerability
In addition to an earlier update for macOS, iOS and iPadOS, Apple has also released a new version of Safari for macOS Big Sur and macOS Catalina. The update was released to fix a zero-day vulnerability, CVE-2022-32893. The vulnerability is an out-of-bounds write issue that could allow attackers to execute arbitrary code. You can find more information in our Apple Vulnerability Blog.
To help you with ensuring all your Safari installs are up to date, the report below provides an overview of all installations scanned that are still vulnerable. This way you have an actionable list of assets that need to be updated.
Safari 15.6.1 Zero-Days Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblMacOSInfo.SystemVersion As OS,
tblAssets.Version as OSVersion,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblMacApplications.LastChanged
From tblAssets
Inner Join tblMacOSInfo On tblMacOSInfo.AssetID = tblAssets.AssetID
Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like '%Safari%' And
tblState.Statename = 'Active' and
((Len(tblMacApplications.Version) -
Len(Replace(tblMacApplications.Version, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%safari%' And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) < 15)
or
(Len(tblMacApplications.Version) -
Len(Replace(tblMacApplications.Version, '.', '')) = 1 And
tblSoftwareUni.softwareName Like '%safari%' And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 15 And
Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 6)
or
(Len(tblMacApplications.Version) -
Len(Replace(tblMacApplications.Version, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%safari%' And
Cast(ParseName(tblMacApplications.Version, 3) As bigint) < 15)
or
(Len(tblMacApplications.Version) -
Len(Replace(tblMacApplications.Version, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%safari%' And
Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 15 And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) < 6)
or
(Len(tblMacApplications.Version) -
Len(Replace(tblMacApplications.Version, '.', '')) = 2 And
tblSoftwareUni.softwareName Like '%safari%' And
Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 15 And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 6 And
Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 1))
