Jamf Blog

Posts in the Jamf Threat Labs Category

June 9, 2020 by Jamf Threat Labs

SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost

This blog investigates the SMBleed vulnerability that was discoverd during an examination of the vulnerable function SMBGhost.

May 9, 2020 by Jamf Threat Labs

Seeing (Mail)Demons? Technique and Triggers

Jamf Threat Labs team researchers provide a deep dive into triggers that have been found in the wild, relating to the MailDemon vulnerability. Also, techniques on how to uncover this critical security threat.

April 20, 2020 by Jamf Threat Labs

You’ve got (0-click) mail!

Jamf identifies zero-click threats that target vulnerable iOS devices, compromising them through the Mail app. Read more about this threat and how to protect your Apple mobile fleet against it effectively.

March 31, 2020 by Jamf Threat Labs

Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation: Writeup + POC

Meet the SMBGhost (CVE-2020-0796) bug hidden in the compression mechanism of SMBv3.11 (fixed).

November 25, 2019 by Jamf Threat Labs

TFP0 POC on PAC-Enabled iOS Devices <= 12.4.2

This blog provides an overview of an exploitation technique to bypass Pointer Authentication Code (PAC) which was introduced on all iOS devices since A12. This blog will focus on CVE-2019-8797, CVE-2019-8795 and CVE-2019-8794. The remainder of this report provides additional details about PAC bypass on iOS <= 12.4.2.

May 17, 2019 by Jamf Threat Labs

Suspected Bug Collision: iOS/OSX Content Filter Kernel UAF Analysis + POC

The iOS 12.3/MacOS 10.14.5 version was released on May 13th, 2019. This update patched a Use-After-Free vulnerability in the XNU kernel that Jamf Threat Labs team independently discovered in early May 2019. However, at the time of writing, the Jamf team is not aware whether a CVE was assigned to this vulnerability since it was patched during our preparations to disclose this vulnerability to Apple.

March 24, 2019 by Jamf Threat Labs

CVE-2019-7286 Part II: Gaining PC Control

Following our previous blog post “Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286” we discussed the details of CVE-2019-7286 vulnerability – a double-free vulnerability that was patched in the previous release of iOS and was actively exploited in the wild. There is no public information about this vulnerability.

March 12, 2019 by Jamf Threat Labs

Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286 - Jamf Threat Labs

Learn about the four vulnerabilities patched in iOS 12.1.4, two of which were exploited in the wild as zero days, according to Project Zero's Ben Hawkes. Join Threat Labs as they analyze and reveal more details about these vulnerabilities.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.