Jamf Threat Labs Investigating security threats that put organizations and users at risk.
What is Jamf Threat Labs?
We help Jamf customers identify and remediate security risks.Jamf Threat Labs is comprised of experienced threat researchers, cybersecurity experts and data scientists, with skills that span penetration testing, network monitoring, malware research and app risk assessment primarily focused on Apple and mobile ecosystems.
Our team’s job is to continually hunt for vulnerabilities, threats and data exposures — we have uncovered a number of high-profile and novel security events including thousands of previously unknown and undiscovered threats — by leveraging MI:RIAM, our machine intelligence engine, primarily to build up the security capabilities of Jamf products.
Stay informed. Latest Threat Labs articles

Jamf Threat Labs identifies macOS Archive Utility vulnerability
Jamf Threat Labs identifies a new vulnerability affecting the Archive Utility in macOS, assigned CVE-2022-32910.
Russia-Ukraine Cyber-Warfare
Jamf Threat Labs discusses the various tactics and campaigns threatening the cybersecurity of users on both sides.
Safari vulnerability allows for Gatekeeper bypass discovered in CVE-2022-22616
Jamf Threat Labs discovers CVE-2022-22616, allowing for bypassing of Gatekeeper security controls and potentially allowing malicious actors to abuse the Safari vulnerability to distribute apps that can compromise your Apple endpoints and/or put your data at risk.
Java exploit allows for command execution detected in CVE-2022-22965
Jamf Threat Labs primer on CVE-2022-22616, which allows the execution of commands from a Tomcat server compromised by Spring4Shell Java-based exploit. Also, how Jamf Protect's built-in analytics help admins detect this threat.
Real problems need real solutions.
for organizations today is stolen login credentials
actually originate with authorized users accessing unauthorized systems.
involve stolen or weak passwords
involving remote tools had a VPN issue
Stay vigilant. Latest Threat Lab reports
Security 360: Annual Trends Report
This year’s report looks at five key security trends impacting real organizations with users that are connecting remotely to a multitude of apps hosted in private and public data centers via a variety of portable devices and platforms.
Phishing Trends Report
Why? Because it’s easier for an attacker to exploit a person and capture data via a phishing attack than it is to exploit a robust device operating system. In fact, user credentials are far more valuable to an attacker in this age of cloud-enabled enterprises, as they provide access to sensitive data that is stored and managed beyond the device in SaaS applications, online file storage repositories and data centers.
An Analysis of iOS App Permissions
Mobile apps need data to function. That’s why app developers ask for varying levels of access to the information on your mobile device. To better understand the use of app permissions and the information that app developers are trying to collect, we looked at the metadata within a sample of almost 100,000 popular apps across the App Store catalog.