From 1fdd127f6c9039d0f50e78322853d3fc88e87464 Mon Sep 17 00:00:00 2001
From: Dave Herder <27025660+dherder@users.noreply.github.com>
Date: Mon, 23 Sep 2024 14:17:39 -0700
Subject: [PATCH] Add macOS policies for patching in workstations-canary.yml
 (#22323)

---
 it-and-security/teams/workstations-canary.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml
index 353f9c8500..1d7ea39710 100644
--- a/it-and-security/teams/workstations-canary.yml
+++ b/it-and-security/teams/workstations-canary.yml
@@ -138,6 +138,20 @@ policies:
     resolution: We will perform system maintenance on your device.
     platform: darwin
     calendar_events_enabled: true
+  - name: macOS - Upgrade Firefox
+    query: SELECT 1 FROM apps WHERE name = 'Firefox.app' AND version_compare(bundle_short_version, '130.0.1') >= 0;
+    critical: false
+    description: The host may have an outdated or non-existent version of Firefox, potentially risking security vulnerabilities or compatibility issues.
+    resolution: During maintenance, the Firefox app could be updated to the correct version or installed if it's missing.
+    platform: darwin
+    calendar_events_enabled: false
+  - name: macOS - Upgrade Slack
+    query: SELECT 1 FROM apps WHERE name = 'Slack.app' AND version_compare(bundle_short_version, '4.40.126') >= 0;
+    critical: false
+    description: The host may be running an outdated version of Slack, which could pose security vulnerabilities or compatibility issues.
+    resolution: The host's Slack application will likely be updated to a version that is greater than or equal to '4.40.126'.
+    platform: darwin
+    calendar_events_enabled: false
 queries:
   - path: ../lib/collect-failed-login-attempts.queries.yml
   - path: ../lib/collect-fleetd-information.yml