This guide applies to Mac computers

About Vulnerability Management

Iru Endpoint’s Vulnerability Management feature scans your entire fleet for known vulnerabilities (CVEs) based on data from the National Vulnerability Database (NVD), providing a clear, organized way to monitor and respond to vulnerabilities across your fleet. By using the different views—Vulnerability, Application, and Devices—you can quickly assess which threats need immediate attention and act accordingly.

How It Works

Vulnerability Management continuously scans your Mac fleet for known security vulnerabilities by comparing installed applications against the National Vulnerability Database. The system provides multiple views to help you understand and prioritize threats, track remediation progress, and manage risk acceptance across your environment. Once you’ve enabled Vulnerability Management, it automatically begins scanning your devices every 15 minutes for application inventory updates. The system then matches these applications against the CVE database hourly to identify any known vulnerabilities. You can view results through three main interfaces: the Vulnerabilities view for threat-focused analysis, the Application view for software-specific insights, and the Devices view for device-level impact assessment.

Vulnerability Management Capabilities

Vulnerability Management identifies any known Common Vulnerabilities and Exposures (CVEs) within your fleet, leveraging information from the National Vulnerability Database (NVD). From the Vulnerabilities page in the Iru Endpoint Web App, you can view all relevant CVEs for specific applications. Not every CVE poses the same level of threat—some may be critical and require immediate attention, while others might be less urgent or not relevant to your environment. Please see our Accepting CVE Risks article for more information about how to accept CVE risks. Key capabilities include:
  • Real-time scanning of your entire Mac fleet for known vulnerabilities
  • Multiple view options to analyze threats from different perspectives
  • Severity-based prioritization using CVSS and KEV scoring systems
  • Remediation tracking to monitor your progress in addressing vulnerabilities
  • Risk acceptance for vulnerabilities that don’t require immediate action

Vulnerabilities View

The Vulnerabilities View provides a complete list of all detected CVEs across your fleet. You can search for specific vulnerabilities by:
  • Vulnerability ID - Find specific CVE identifiers
  • Vulnerable software - Filter by affected applications
  • Severity - Sort by threat level
  • First detected date - Track when vulnerabilities were discovered
  • Application or macOS version - Focus on specific software versions
These filters help you prioritize what needs attention first based on the severity and timing of the vulnerabilities.

Remediation Filtering

When all vulnerable software and devices impacted by a CVE are patched, the CVE will have a Remediated status.
1. Filter for Remediated CVEs
   Use the Status filter and select Remediated.
2. View Remediated Results
   The list will be filtered to display only CVEs that have been fully remediated.

CVE Information

When you select a CVE, a detailed drawer will appear, giving you an in-depth look at:
  • Vulnerability description - Detailed explanation of the security issue
  • Impacted applications - Which software is affected
  • Severity level - CVSS score and threat rating
  • Known exploit status - Whether it has been exploited in the wild
  • EPSS score - Probability of being exploited in the next 30 days
  • Official CVE reports - Links to authoritative sources for more information
This information helps you understand the scope of the threat and its potential impact on your devices.

Vulnerable Software Tab

The Vulnerable Software tab allows you to view all the application and macOS versions affected by a particular vulnerability.

Devices Tab

Use the Devices tab to view the devices affected by the vulnerability. Filter by Blueprint to focus on specific device groups.

CVSS Score

The Common Vulnerability Scoring System (CVSS) is a method for calculating a qualitative measure of severity. Iru Endpoint Vulnerability Management uses the CVSS score to prioritize vulnerabilities and measure the severity of each vulnerability. The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD), which provides CVSS enrichment for all published CVE records.

KEV Score

The Cybersecurity and Infrastructure Security Agency (CISA) maintains the authoritative source of vulnerabilities that have been exploited in the wild. Iru Endpoint Vulnerability Management uses the Known Exploited Vulnerabilities (KEV) catalog to prioritize vulnerabilities.

Vulnerable Software View

In the Vulnerable Software view, you can see all the software affected by a particular CVE. This allows you to focus your remediation efforts on the software that’s most at risk.

Report Inaccuracy

1. Start the Report
   If there are any issues with a detected CVE, click the Report Inaccuracy button.
2. Select Issue Type
   Select an issue from the drop-down menu.
3. Add Description
   Optionally, enter a description of the issue.
4. Submit Report
   Click the Report button to complete the report.

Application Directories

Vulnerability Management scans the following directories for Applications (.app files only):
  • /Applications - System-wide applications
  • /Library - Library applications and frameworks
  • /Users - User-specific applications

Update Frequency

Component                     Frequency
Device App Inventory          Every 15 minutes
App Vulnerability Matching    Hourly
Vulnerability CVE Database    Hourly

Devices View

The Devices View shows you which devices are impacted by the CVE. You can filter this view by Blueprint, which makes it easier to pinpoint affected devices within specific configurations or groups.

Device Details

For each affected device, you’ll see additional details to help you take action, including:
  • Threat ID: The unique SHA-256 hash of the detected threat
  • Process: The most recent process associated with the threat
  • Classification: The type of threat (e.g., malware, phishing)
  • Detection Date: When the threat was first identified
  • Devices: The number of impacted Mac devices
  • Threat Status: The current state of the threat—whether it’s quarantined, resolved, or still active
1. View Device Record
   You can click the Open Device Record button for the full details.
2. Expand Details
   Click the disclosure triangle to view more details.
3. View Application Information
   You can view and copy the path of the application, as well as view version information.

Considerations

Scanning Scope
  • Vulnerability Management only scans for .app files in the specified directories
  • Third-party applications installed outside these directories won’t be detected
  • System frameworks and libraries are not included in vulnerability scanning
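
To see what falls outside this scope on a given Mac, the added example below (not part of Iru Endpoint or its documentation) lists .app bundles that live anywhere other than /Applications, /Library and /Users. It assumes the three directories are scanned recursively; the function name find_unscanned_apps and its ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: list .app bundles outside the directories this page says are
# scanned (/Applications, /Library, /Users).
# Assumption: those three directories are covered recursively by the scan.

# find_unscanned_apps ROOT
#   ROOT is the filesystem root to inspect: "/" on a live Mac, or a mounted
#   image / test directory. Prints one bundle path per line, relative to ROOT.
find_unscanned_apps() {
    root="${1%/}"          # strip a trailing slash; "/" becomes ""
    find "${root:-/}" \
        \( -path "$root/Applications" \
           -o -path "$root/Library" \
           -o -path "$root/Users" \
           -o -path "$root/System/Volumes" \) -prune \
        -o -type d -name '*.app' -prune -print 2>/dev/null |
    while IFS= read -r bundle; do
        # Report the path as it would appear on the device itself.
        printf '%s\n' "${bundle#"$root"}"
    done | LC_ALL=C sort
}

# Notes on the find expression:
#  - The first group prunes the three in-scope directories, so nothing under
#    them is reported. /System/Volumes is pruned as well because on APFS
#    system volumes the data volume is also mounted there and would repeat
#    the same bundles under a second path.
#  - "-name '*.app' -prune" stops descent at the outer bundle, so helper
#    apps nested inside a bundle are not listed separately.
#
# Typical use on a managed Mac (run as root to read every directory):
#   find_unscanned_apps /
```

Any path this prints is an application bundle the inventory described here would not pick up, so its patch level has to be tracked some other way or the app moved into a scanned location.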
Update Timing
  • New vulnerabilities may not appear immediately after database updates
  • Allow up to an hour for new CVEs to be reflected in your fleet scan results
  • Device inventory updates every 15 minutes, but vulnerability matching occurs hourly
Remediation Tracking
  • CVEs are marked as “Remediated” only when all affected software and devices are patched
  • Partial remediation won’t change the overall CVE status
  • Use the Devices view to track individual device remediation progress