Jamf Blog

Posts in the Jamf Threat Labs Category

November 4, 2021 by Jamf Threat Labs

How iOS malware can spy on users silently

In this blog, we’ll demonstrate how mobile threat actors bypass the recently added camera & microphone green/orange indicators.

October 27, 2021 by Jamf Threat Labs

Use-After-Free in Voice Control: CVE-2021-30902 Write-up

This post explores two common cases where crashes occur during the toggling of the voice control switch and provides a proof-of-concept demonstration of a race condition that can cause memory corruption and code execution.

September 14, 2021 by Jamf Threat Labs

iOS 0-Click, CVE-2021-30860, sounds familiar. An unreleased write-up: one year later

A 0-click vulnerability that was identified by Jamf Threat Labs is reproduced, alongside a breakdown of how it works and why it is critical to protect your iOS-based mobile fleet from CVE-2021-30860.

July 17, 2021 by Jamf Threat Labs

Meet WiFiDemon: iOS 0-day/0-click vulnerability that was silently patched

The Jamf Threat Labs team investigates the 0-click vulnerability affecting Wi-Fi that permits remote code execution (RCE) if exploited, triggering a Denial of Service (DoS) attack, among others. In this blog, the researchers identify what makes the vulnerability possible and how it works, dive deep into the technical details, and explain how to fix the issue to keep your iOS-based fleet protected.

January 5, 2021 by Jamf Threat Labs

NTFS Remote Code Execution (CVE-2020-17096) Analysis

This blog analyzes the CVE-2020-17096 vulnerability and provides a PoC exploit resulting in denial of service.

December 21, 2020 by Jamf Threat Labs

Remote iOS Attacks Targeting Journalists: More Than One Threat Actor?

We detected multiple exploits by the threat actors that recently targeted Al Jazeera’s journalists before it was made public. The attack was automatically detected using Mobile DFIR.

November 19, 2020 by Jamf Threat Labs

Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7

Due to its popularity, iOS has attracted the attention of a large number of security researchers. Apple is constantly improving iOS security, developing and adapting new mitigations at a rapid pace. These mitigations increase the complexity of hacking iOS devices, making iOS one of the hardest platforms to hack. However, they are not yet sufficient to block skilled individuals and well-funded groups from achieving remote code execution with elevated permissions and persistence on the device.

This blog post is the first in a series on achieving elevated privileges on iOS.

June 15, 2020 by Jamf Threat Labs

SMBleedingGhost Writeup Part II

In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. This is part two.
