Merge pull request #305 from tstromberg/acrobat-reader

Detect vulnerable versions of Acrobat Reader
2025-02-16 17:37:06 +00:00 · 2023-09-14 16:37:45 -04:00 · 2023-09-14 16:37:45 -04:00 · a9eba00fb6
commit a9eba00fb6
parent b93654a9c9 961a673a52
1 changed files with 27 additions and 0 deletions
--- a/policy/vulnerable-acrobat-reader.sql
+++ b/policy/vulnerable-acrobat-reader.sql
@ -0,0 +1,27 @@
+-- Vulnerable version of Adobe Acrobat Reader is installed
+--
+-- References:
+--   * https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
+--
+-- tags: persistent state filesystem
+-- platform: darwin
+SELECT
+  name,
+  path,
+  bundle_version,
+  TRIM(REGEX_MATCH (bundle_version, "^(\d+)\.", 1)) AS major,
+  TRIM(REGEX_MATCH (bundle_version, "\.(\d+)$", 1)) AS patch
+FROM
+  apps
+WHERE
+  name LIKE "%Acrobat%"
+  AND (
+    (
+      major = "23"
+      AND CAST(patch AS integer) < 20285
+    )
+    OR (
+      major = "20"
+      AND CAST(patch AS integer) < 30517
+    )
+  )