Refreshing the Apple Security Page for you 🍎 🔐
Running on 🐥 @ApplSec since February 6, 2021
Running on 🐘 @ApplSec@infosec.exchange since November 5, 2022
It starts by checking if the latest release on the Apple Security Updates page has already been posted. If not, it continues to check the next one. When it gathers all the new releases, it starts visiting their security content pages. There, it counts how many security issues (CVEs) were fixed, checks for zero-days, etc.
If Apple says "no details yet", it will save the release's name and say in the post that information is not available yet. It will continue to check and make a post when security content is available with all the information it contains.
To get the latest beta releases it also checks the Apple Developer Releases page.
In the end, it arranges the gathered data into a post or a thread as needed and sends it to Mastodon and Twitter.
The bot is checking for changes hourly. To avoid posting and checking the same thing twice, it stores recently posted data in a JSON file. The file also contains the last 10 zero-days, so it can tell if a zero-day is new or if it's just an additional update for a different system.
At midnight, the bot checks if Apple has updated or added any entries to older security notes. On January 19th, 2022, Apple updated 25 security notes, adding and updating entries back to releases from two years ago.
The bot is often updated as new ideas appear and to keep up with any changes to Apple's website.
- Tweepy, for communication with Twitter API
- requests, for communication with Mastodon API and for requests to Apple's website
- lxml, for easier HTML processing
- GitHub Actions, for running the bot hourly
Not affiliated with Apple Inc.
Apple, iCloud, watchOS, tvOS and macOS are trademarks of Apple Inc., registered in the U.S. and other countries and regions.