What is Jamf Threat Labs?

Meet the team of experienced threat researchers, cybersecurity experts and data scientists focus on delivering the best, most secure experience to Jamf customers. And how the work of the Jamf Threat Labs helps organizations and users alike succeed with Apple, safely and securely.

May 9 2022 by

Jesus Vigo

Jamf solutions, particularly the security-focused products, all work under one unifying banner, to “help organizations succeed with Apple.” It is the Jamf mission, after all. One that it strives for by empowering the workforce of its customers, allowing them to focus on their jobs and not technological hassles, like security issues.

As much as it may seem like the work of magic or the Force, the simple truth is that a significant portion of the success that goes into keeping Jamf solutions secure and by extension, securing your organization’s devices, users and sensitive data, is in no small part thanks to the work of the Jamf Threat Labs.

What exactly does Jamf Threat Labs do?

The Jamf Threat Labs, or JTL for short, works tirelessly to hunt for vulnerabilities, threats and data exposures in all products in the Apple ecosystem. Utilizing their combined skills, leveraging their extensive skill sets, the cybersecurity experts and data scientists of the JTL work with MI:RIAM, Jamf’s machine intelligence engine, to primarily build up the security capabilities of Apple products and mobile ecosystems, alongside Jamf products.

If there's something wrong, those who have the ability to take action have the responsibility to take action.

- Benjamin Franklin Gates, National Treasure

What has JTL found?

In addition to the work they perform to ensure Jamf solutions remain secure, the Jamf Threat Labs team has found and co-founded a number of threats and critical vulnerabilities that negatively impact Apple users across macOS and iOS-based devices.

The process of analyzing data, performing app risk assessments or monitoring networks for the presence of malicious communications between compromised devices and C2 servers and/or bad actors is only a fraction of the tasks the JTL team routinely performs when working to identify potential threats.

The thrill of the hunt is quenched only temporarily once threats are verified, as the team then pivots to identifying the vectors of the attack or compromise, developing ways to prevent them. Mitigation tactics are then integrated into Jamf’s endpoint protection solutions so that users may be protected against identified threats, allowing organizations and end user's alike to maintain a strong security posture.

A few examples of threats found/co-founded by Jamf Threat Labs include:

CVE-2022-22616: Safari vulnerability allowing for Gatekeeper bypass, leading to the execution of unsigned, un-notarized applications without displaying security prompts to the user

CVE-2021-30713: Zero-day exploit that bypassed the TCC framework, permitting unauthorized apps to obtain permissions to resources without the end user’s explicit approval

CVE-2021-30657: Shlayer malware bypasses Gatekeeper, Notarization and File Quarantine, allowing unapproved apps to run on macOS and distributed via poisoned search results

Who is JTL?

So, you might be wondering, who is a member of the Jamf Threat Labs? JTL team members span the gamut of the information security and threat hunting landscape including:

  • Penetration testing
  • Network monitoring
  • Malware research
  • Risk assessment

Beyond that, their secret identities are fervently protected. Sorry, but not even if you ask nicely. To quote the Wu-Tang Clan, “It’s our secret. Never teach the Wu-Tang!”

We can however share this nugget of information regarding our merry band of gold-hearted misfits. Summing up their skills, knowledgebase and commitment to endpoint security at Jamf with one, singular word to best describe who comprises the team: ROCKSTARS!

“A Jedi uses the Force for knowledge and defense, never for attack.”

- Yoda, The Empire Strikes Back

Rounding out the JTL team is MI:RIAM, Jamf’s very own AI and advanced machine learning technology which provides real-time analysis of the volume and complexity of cyberattacks, including detection of potential new threats, faster, more efficient threat response and automated remediation workflows…plus a whole lot more.

The JTL team gathers data and quantifies threats, providing insight and informing a number of different outlets, not limited to:

  • Threat intelligence
  • Trends and attack modeling
  • Security and phishing reports
  • Expert guidance
  • Technical papers
  • Thought leadership
  • Mitigation strategies

Jamf Threat Labs is like having a threat hunting team in your corner every time you deploy Jamf solutions.

See for yourself how Jamf Threat Labs and endpoint security solutions keep your devices protected, users productive and critical data secured.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.