Jamf Blog

Posts in the Jamf Threat Labs Category

February 23, 2023 by Jamf Threat Labs

Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community. In this article, we’ll examine this malware and the glimpse it offers into the ongoing arms race between malware authors and security researchers as well as highlight the need for enhanced security on Apple devices to ensure their safe and effective use in production environments.

February 17, 2023 by Jamf Threat Labs

Jamf Threat Labs analyzes the exploited in-the-wild WebKit vulnerability CVE-2022-42856

Jamf Threat Labs investigated a WebKit vulnerability that was exploited in the wild. Attackers can exploit CVE-2022-42856 to control code execution within WebKit, giving them the ability to read/write files. This blog explores what the vulnerability looked like in the code and the patches Apple applied.

October 14, 2022 by Jesus Vigo

Get to know Aftermath: Jamf’s open-source incident response tool

Your investigation into a security incident is only as good as the forensic data you collect. If that’s off, the entire incident response process will be a waste of time since it may not paint a complete picture of what happened and where. Enter Aftermath, the lightweight tool that knows where to look, helping you gather as much relevant data from the endpoint as quickly as possible to neutralize threats.

October 5, 2022 by Jamf Threat Labs

Jamf Threat Labs identifies macOS Archive Utility vulnerability

Jamf Threat Labs recently discovered a new macOS vulnerability in Archive Utility that could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive. We reported our findings to Apple on May 31, 2022, and Apple patched the vulnerability in macOS Monterey 12.5 on July 20, 2022, assigning it CVE-2022-32910.

August 16, 2022 by Jamf Threat Labs

Fake droids: Your new Android device is actually an old Android 6

During a digital forensics investigation, we found a cheap burner device that purported to be an Android 10 but was actually an old Android 6. In this blog, we present how attackers can ‘fake’ the shutdown screen on iOS to achieve persistence.

July 19, 2022 by Jamf Threat Labs

CloudMensis malware stealing your joy? Jamf’s got you covered!

CloudMensis is a new macOS spyware discovered by ESET. Researchers noted that this malware’s primary goal is to exfiltrate data, such as documents, keystrokes, screen captures, emails and other potentially sensitive data.

June 9, 2022 by Jamf Threat Labs

ChromeLoader adware halted from broadcasting by Jamf Protect

The Jamf Threat Labs team recently updated the threat prevention rules in Jamf Protect to prevent the browser hijacking campaign that injects ads into Chrome and Safari browsers on macOS. Red Canary also published similar findings on the adware.

June 7, 2022 by Jamf Threat Labs

‘No likes’ for iPhone phishing campaign on Instagram

Attackers have gotten very good at knowing how to reach you. Sometimes they know your phone number, your email, your place of work, and your colleagues’ names and that would be enough to reach you with a compelling phishing campaign.

But now, thanks to the wafts of personal data changing hands online, attackers also know your interests. Just like brands using your behavior, interests, likes, dislikes and purchase history to target ads to you, attackers are using that information to craft attacks that might be more alluring. This means users are more likely to stumble upon online risks, especially when it comes to attacks distributed on social media where we are very accustomed to having a personalized experience.
