Jamf Threat Labs Investigating security threats that put organizations and users at risk.
What is Jamf Threat Labs?
We help Jamf customers identify and remediate security risks.Jamf Threat Labs is comprised of experienced threat researchers, cybersecurity experts and data scientists, with skills that span penetration testing, network monitoring, malware research and app risk assessment primarily focused on Apple and mobile ecosystems.
Our team’s job is to continually hunt for vulnerabilities, threats and data exposures — we have uncovered a number of high-profile and novel security events including thousands of previously unknown and undiscovered threats — by leveraging MI:RIAM, our machine intelligence engine, primarily to build up the security capabilities of Jamf products.
Stay informed. Latest Threat Labs articles
Jamf Threat Labs discovers vulnerability in Airplane Mode.
Read about Jamf Threat Labs' exploit of a vulnerability that allows malicious apps to remain connected while the device appears to be in Airplane Mode.
Jamf defends against new threats.
Jamf Threat Labs quickly adds defenses for found-in-the-wild JokerSpy malware that executed SwiftBelt via a back door.

Jamf Threat Labs discovers CVE-2023-27930, dubbed ColdInvite
Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Recent mobile spyware shows attacks are becoming more sophisticated.
Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.
Read all Jamf Threat Labs content
View our comprehensive list of all blogs written by Jamf Threat Labs.
Real problems need real solutions.
actually originate with authorized users accessing unauthorized systems.
involve stolen or weak passwords
Stay vigilant. Latest Threat Lab reports
Security 360: Annual Trends Report
As the workforce continues to be distributed, our perspective on the modern threat landscape continues to evolve to meet the consistent requirements of endpoint compliance, ensuring data security while upholding user privacy in the face of evolving risk. Learn about the top 5 security trends in this year's report.
Phishing Trends Report
Why? Because it’s easier for an attacker to exploit a person and capture data via a phishing attack than it is to exploit a robust device operating system. In fact, user credentials are far more valuable to an attacker in this age of cloud-enabled enterprises, as they provide access to sensitive data that is stored and managed beyond the device in SaaS applications, online file storage repositories and data centers.
An Analysis of iOS App Permissions
Mobile apps need data to function. That’s why app developers ask for varying levels of access to the information on your mobile device. To better understand the use of app permissions and the information that app developers are trying to collect, we looked at the metadata within a sample of almost 100,000 popular apps across the App Store catalog.