Actively Exploited CVEs displays "false" when using -simulate-os-version flag #610

Closed
mbulmer-addepar opened this issue Jul 22, 2024 · 6 comments
Labels
invalid This doesn't seem right

Comments

@mbulmer-addepar
Contributor

While testing with the -simulate-os-version flag (thank you for this btw!), it seems Nudge will display False when passing a version of macOS that is known to have actively-exploited CVEs.

For example, running /Applications/Utilities/Nudge.app/Contents/MacOS/Nudge -simulate-os-version "14.3.1" displays this info:
[Screenshot: Screenshot_2024-07-22_at_4_42_41 PM]

Nudge recommends macOS 14.5 as expected, but it does not appear to acknowledge that 14.3.1 has two actively-exploited CVEs that were addressed in 14.4.

I'm assuming Nudge is only reading the CVE details for macOS 14.5 but it would be a nice enhancement for it to consider any updates that were issued between the latest version and what is currently installed on the device.

@erikng erikng added the invalid This doesn't seem right label Jul 22, 2024
@erikng
Member

erikng commented Jul 22, 2024

You're misunderstanding how this logic works. Actively Exploited CVEs is based on the key from the SOFA url. You are asking it to install 14.5, which has no known active exploits.

While you are correct that 14.3.1 has active exploits, this bug report is not valid. If you are wanting a feature request to loop through ALL updates from x version through y version for active exploits, then show that as True, I kindly ask that you make another issue for that - and more importantly mark it as a feature request.

This issue gives the impression this behavior is wrong, and it is not. You are simulating a macOS version to test that your core nudge config is correct.

@erikng erikng closed this as completed Jul 22, 2024
@mbulmer-addepar
Contributor Author

My apologies. This was indeed meant to be a feature request and not a bug report. Thank you for clarifying.

@erikng
Member

erikng commented Jul 23, 2024

It's an interesting feature request and one that will likely take a new thought around the sofa code. I'm willing to entertain it so please submit a feature request issue for this so I don't forget.

@erikng
Member

erikng commented Jul 23, 2024

Gentle ping to not forget :)

@erikng
Member

erikng commented Jul 24, 2024

I made a ticket myself.

@erikng erikng mentioned this issue Jul 24, 2024
@mbulmer-addepar
Contributor Author

Hey! Sorry for the delay on this, and thank you so much!
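
The two behaviours discussed in this thread, side by side, as an added example that is not Nudge's or SOFA's own code: `target_only` reads the actively-exploited flag for the required release alone, while `cumulative` collects it across every release between the installed and required versions. The field names `ProductVersion` and `ActivelyExploitedCVEs` are assumed for a SOFA-style feed, and the release list and CVE identifiers are constructed placeholders.

```python
# Constructed sample modelled on a SOFA-style feed. Field names are assumptions
# and the CVE identifiers are placeholders, not real advisories.
SAMPLE_RELEASES = [
    {"ProductVersion": "14.5", "ActivelyExploitedCVEs": []},
    {"ProductVersion": "14.4.1", "ActivelyExploitedCVEs": []},
    {"ProductVersion": "14.4",
     "ActivelyExploitedCVEs": ["CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2"]},
    {"ProductVersion": "14.3.1", "ActivelyExploitedCVEs": []},
]


def parse_version(version):
    """'14.4' -> (14, 4, 0), so that it sorts correctly against '14.3.1'."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def target_only(releases, target):
    """Behaviour described in the thread: check the required release only."""
    for release in releases:
        if parse_version(release["ProductVersion"]) == parse_version(target):
            return bool(release["ActivelyExploitedCVEs"])
    raise KeyError(f"{target} not present in feed")


def cumulative(releases, installed, target):
    """Requested behaviour: exploited CVEs fixed by any release newer than
    `installed` and no newer than `target`."""
    low, high = parse_version(installed), parse_version(target)
    found = set()
    for release in releases:
        if low < parse_version(release["ProductVersion"]) <= high:
            found.update(release["ActivelyExploitedCVEs"])
    return sorted(found)


if __name__ == "__main__":
    installed, target = "14.3.1", "14.5"
    print("target only:", target_only(SAMPLE_RELEASES, target))
    print("cumulative :", cumulative(SAMPLE_RELEASES, installed, target))
```

A device already on the required version yields an empty list from `cumulative`, because the range excludes the installed release itself.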
