Jamf Blog

Jamf Threat Labs developed a post-exploit persistence technique on iOS 16 that falsely shows a functional Airplane Mode. In reality, after successful device exploit the attacker plants an artifical Airplane Mode that edits the UI to display Airplane Mode icons and cuts internet connection to all apps except the attacker application. This enables the attacker to maintain access to the device even when the user believes it is offline. This technique has not yet been observed in the wild and is only possible on an already exploited or jailbroken device.

Jamf After Dark co-hosts Kat Garbis and Sean Rabbitt welcomed special guest Aaron Webb, Senior Product Marketing Manager in security at Jamf for this special segment focusing on WWDC. They uncovered the benefits of same-day support, highlighted features, outlined how Jamf will support these features and discussed which markets stand to benefit most from these developments.

Threat actors targeted a cryptocurrency exchange in Japan, installing back doors and deploying spyware. Read more about the method of attack and Jamf's defense of the threat.

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket'. What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

In this blog, Jamf Threat Labs analyzes CVE-2023-28206, iOS 16.4.1 patches and CitizenLab’s findings on QuaDream’s exploits.

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

Newly discovered supply-chain attack affecting 3CX softphone app used by millions of users globally. In this blog, the Jamf Threat Labs discusses how the app was compromised, what it does and how to go about detecting it on your network.