Checking for Flash and Java Versions

Sometimes your Sr. Infosec Manager asks for you to find a way to track and update version of Flash and Java, since they tend to be a vulnerability that hackers like to exploit. So he says. Since Java and Flash are plug-ins, not stand-alone applications, you have to get the JSS to find and read the correct plist file to find the version number.

Here are the Extension Attributes I put together for the JSS to find and report the version number of Java and Flash. (There may be a prettier way to write out the script, but this stuff is still kind of new to me. But I can report that it works, which for me is most important.)


JavaVersions.sh

#!/bin/sh

#
# script by emily k @volusion 2014-06-10
# to detect version of java installed on OS X
# 

if [ -f "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist" ] ; then
    VERSION=$( defaults read "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist" CFBundleVersion )
else
    VERSION="Not installed."
fi

echo "<result>$VERSION</result>"

FlashVersions.sh

#!/bin/sh

#
# script by emily k @volusion 2014-06-10
# to detect version of flash installed on OS X
# 

if [ -f "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" ] ; then
    VERSION=$( defaults read "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version.plist" CFBundleVersion )
else
    VERSION="Not installed."
fi

echo "<result>$VERSION</result>"

Be careful with your copy-pasta!

I then put together saved searches/smart groups based on the results, so that I can then scope updates to the machines if they are out of date.

There may be better ways to check and scope updates, but for us reporting and monitoring is key to finding the best course of action to update and make updates available to users.

Update: These are now available on JAMF Nation.
Get Java Version
Get Flash Version