-
-
Save april/3da7c3720b0d9f3ee7dc9a95f623578d to your computer and use it in GitHub Desktop.
#!/usr/bin/env zsh | |
# patched versions for CVE-2023-4863: 22.3.24, 24.8.3, 25.8.1, 26.2.1 | |
mdfind "kind:app" 2>/dev/null | sort -u | while read app; | |
do | |
filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework" | |
if [[ -f $filename ]]; then | |
echo "App Name: $(basename ${app})" | |
electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/') | |
echo "Electron Version: $electronVersion" | |
echo -n "File Name: $filename " | |
echo -e "\n" | |
fi | |
done |
Randomly, why find apps vs "Electron Framework.framework"? Would that be faster and more accurate? (Are there places there's files of kind other than app that might have electron?)
Edit: mdfind doesn't seem to search inside apps
bash-3.2$ mdfind 'Electron Framework.framework' 2>/dev/null | sort -u
/Users/adam/bin/vulnerable-electron.sh
bash-3.2$
Because mdfind
doesn't search inside bundles. :\
Btw, mdfind uses the user's locale for their syntax. Therefore a German user would need to use mdfind "art:app"
I tried overriding LANG=de_DE.UTF-8 LC_CTYPE=de_DE.UTF-8 LC_ALL=de_DE.UTF-8, and setting the language for Terminal to German, and it still insists on using en_US
.
Does overriding any of those to en_US.UTF-8
let mdfind
work with kind:app
?
No that doesn't seem to change anything. Idk maybe mdfind uses the language set via system settings or something
Just changed my mac to English and now it works
Wanted to share a slightly updated version of the script above that we used internally to help make running the script more actionable for our employees. The main change is that it outputs and highlights only the apps that are on unsafe electron versions.
#!/usr/bin/env bash
RED='\033[0;31m'
NC='\033[0m' # No Color
# patched versions for CVE-2023-4863: 22.3.24, 24.8.3, 25.8.1, 26.2.1
mdfind "kind:app" 2>/dev/null | sort -u | while read app;
do
filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
if [[ -f $filename ]]; then
electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/')
semver=( ${electronVersion//./ } )
major="${semver[0]}"
minor="${semver[1]}"
patch="${semver[2]}"
echo "${major}.${minor}.${patch}"
if [[ ( $major -lt 22 ) || ( $major == 22 && $minor -lt 3 ) || ( $major == 22 && $minor == 3 && $patch -lt 26 )
|| ( $major == 23 )
|| ( $major == 24 && $minor -lt 8 ) || ( $major == 24 && $minor == 8 && $patch -lt 6 )
|| ( $major == 25 && $minor -lt 8 ) || ( $major == 25 && $minor == 8 && $patch -lt 4 )
|| ( $major == 26 && $minor -lt 2 ) || ( $major == 26 && $minor == 2 && $patch -lt 4 )
|| ( $major == 27 && $minor -lt 0 ) || ( $major == 27 && $minor == 0 && $patch -lt 0 )
]]; then
printf "App Name: ${RED}$(basename ${app})${NC}\n"
echo "Electron Version: $electronVersion"
echo -n "File Name: $filename "
echo -e "\n"
fi
fi
done
You can still inline it, I think?
This
worked great!