Here at Jamf, the Client Platform Engineering team has been using App Installers to keep core business applications patched. When news of the latest Zoom security vulnerability was announced, the team kept an eye on when a new patch would be made available.
The release occurred sometime over the weekend.
Wait, what vulnerability?!
This one! Detected by Patrick Wardle of Objective-See fame, the vulnerability was assigned CVE-2022-28756 and allows “Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS”. With a severity of“High” and a CVSS Score of 8.8, the vulnerability is known to affect Zoom Client for Meetings for macOS versions starting from 5.7.3 to before version 5.11.5.
Then what happened?
By the time the Client Platform Engineering team came back to the Jamf office Monday morning, the App Installers deployment was already happening, with nearly 25% of the fleet completely patched with the latest version (5.11.5) addressing the vulnerability.
By lunchtime, the patch count surpassed 50%.
A quote from Emily Kausalik, Manager of Client Platform Engineering, sums up the feeling at Jamf regarding how quickly this patch is being distributed, "The beautiful part is App Installers + Jamf Pro handled it while I was enjoying a weekend at home with my family and I didn’t have to do anything manually."
How did the patch get deployed so fast?
Because the team had already set up the automatic deployment of Zoom updates within App Installers, they were able to enjoy their weekend without requiring any manual intervention to finish the deployment of the update or additional work waiting for them to start off their week.
Additionally, with the quick update to the Patch Title policy for Zoom, the team also had visibility into the installation rate of the patched Zoom version, thanks to the built-in effective reporting that didn’t require building custom dashboards, new searches or smart groups.
Simply put: insight into the efficacy and efficiency of the patch deployment – easy and intuitive, yet powerful deployment management at a glance.
Can I get App Installers to distribute apps in my organization?
Sure! All Jamf Pro Cloud customers already have this incredible feature baked right into their favorite MDM solution. Oh, and before you ask, it’s included at no additional cost to subscription customers, including Business and Enterprise plan customers too.
With approximately seven hundred actively updated software title patch definitions available in the app catalog, Jamf regularly reviews all these title policies to ensure they may be published as an App Installer. If you notice your favorite apps are not included yet, feel free to request a software title just as you would request new titles from patch management.
When new App Installers are added, universal installer packages are used which support both Apple Silicon and Intel-based architectures. If a universal package is not readily available from the manufacturer, Jamf will repackage the packages with a custom wrapper that detects the architecture on the target Mac, deploying the appropriate payload for the detected architecture automatically – no additional administrative action is needed.
Mac admins! Jamf helps you to work smarter, not harder…
and more securely too, with App Installers keeping your apps patched.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.