Jamf Blog

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

Your investigation into a security incident is only as good as the forensic data you collect. If that’s off, the entire incident response process will be a waste of time since it may not paint a complete picture of what happened and where. Enter Aftermath, the lightweight tool that knows where to look, helping you gather as much relevant data from the endpoint as quickly as possible to neutralize threats.

Jamf Threat Labs recently discovered a new macOS vulnerability in Archive Utility that could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive. We reported our findings to Apple on May 31, 2022, and in macOS Monterey 12.5. Apple patched the vulnerability on July 20, 2022, assigning it CVE-2022-32910.

CloudMensis is a new macOS spyware discovered by ESET. Researchers noted that this malware’s primary goal is to exfiltrate data, such as documents, keystrokes, screen captures, emails and other potentially sensitive data.

The Jamf Threat Labs team recently updated the threat prevention rules in Jamf Protect to prevent the browser hijacking campaign that inject ads into Chrome and Safari browsers on macOS. Red Canary also published similar findings on the adware.

Attackers have gotten very good at knowing how to reach you. Sometimes they know your phone number, your email, your place of work, and your colleagues’ names and that would be enough to reach you with a compelling phishing campaign.

But now, thanks to the wafts of personal data changing hands online, attackers also know your interests. Just like brands using your behavior, interests, likes, dislikes and purchase history to target ads to you, attackers are using that information to craft attacks that might be more alluring. This means users are more likely to stumble upon online risks, especially when it comes to attacks distributed on social media where we are very accustomed to having a personalized experience.

SentinelOne researchers recently investigated a supply chain attack leveraging a malicious crate named ‘rustdecimal’ in the crates.io Rust community crate repository.

Sonatype researchers recently identified a supply chain attack leveraging a malicious Python package ‘PyMafka’ in the PyPI registry.