Excluding old OS X security vulns


#1

Hi all,

Struggling with a small problem with OS X results. I have an environment running purely on 10.14.xx, but all the hosts end up with a “Criticality 10” rating, because they’re full of findings from 10.5, 10.6, and as far back as 2004. All of these security updates were rolled into OS X years ago, so really shouldn’t be linked to these machines. I have tried setting the threshold to 99%, but they still keep appearing.

Is there a way to only show findings relevant to the version of OS running? I.e., machines on 10.14 should only show missing security updates from 10.14?

Thanks all!


#2

Thanks for your report. Your question will be passed to the responsible team for a review.

While awaiting the review, it would be great if you could share some additional information about the vulnerabilities (especially the Name and/or OID of the VTs in question) which are showing up for you.