Jamf Blog

The Jamf Threat Labs team recently drew attention in the tech media for uncovering a sly piece of malware that was proliferating unnoticed in the wild. As Jamf Threat Labs pursued its trail, they discovered intriguing insights and went down some fascinating rabbit holes. This fascinating JNUC 2023 presentation walked attendees through a recent Mac malware campaign investigation from start to finish.

Jamf Threat Labs developed a post-exploit persistence technique on iOS 16 that falsely shows a functional Airplane Mode. In reality, after successful device exploit the attacker plants an artifical Airplane Mode that edits the UI to display Airplane Mode icons and cuts internet connection to all apps except the attacker application. This enables the attacker to maintain access to the device even when the user believes it is offline. This technique has not yet been observed in the wild and is only possible on an already exploited or jailbroken device.

Jamf After Dark co-hosts Kat Garbis and Sean Rabbitt welcomed special guest Aaron Webb, Senior Product Marketing Manager in security at Jamf for this special segment focusing on WWDC. They uncovered the benefits of same-day support, highlighted features, outlined how Jamf will support these features and discussed which markets stand to benefit most from these developments.

Threat actors targeted a cryptocurrency exchange in Japan, installing back doors and deploying spyware. Read more about the method of attack and Jamf's defense of the threat.

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket'. What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

In this blog, Jamf Threat Labs analyzes CVE-2023-28206, iOS 16.4.1 patches and CitizenLab’s findings on QuaDream’s exploits.

Get up to speed on recent Jamf in the News highlights, from how we’re helping tackle security threats to promoting BYOD.