jamJAR – Extension Attribute Update

Standard

A small update this one, but I have rewritten jamJAR’s Extension Attribute in bash.

This is to avoid python prompts in macOS 12+ when running recon.

This updated Extension Attribute can be found here, and should be a drop in replacement for the prior one.

KeRanger ransomware, an attempt at detection & removal via the JSS

Standard
Screenshot 2016-03-07 14.31.40

Transmission is a popular BitTorrent client for Mac, over the weekend it emerged that a version of their app available from the projects website had been swapped with another version.

This version contained the KeRanger ransomware, this seems to be the first functioning example of ransomware affecting OS X.

Below is more information, as well as a script that should alert or clean up affected Macs.

Continue reading

Sparkle Updater Framework HTTP man-in-the-middle vulnerability

Standard

sparkle-logo

Sparkle is an open source update framework that is used within thousands of Mac apps, including my own AutoCasperNBI & AutoImagrNBI.

A vulnerability within which was recently disclosed, with an update to Sparkle issued soon after.

However, the update may take some time to reach all the apps that are on the Macs that we admin. So the below is some more detail, methods of mitigation & detection.

Continue reading

Check EFI Password State Extension Attribute

Standard

JAMF have a great article on deploying the binary needed to set a firmware password on 2010+ Macs via the Casper Suite, here.

I recently had a chance to play with it, but found that the below command (which is used by the following EA to check EFI Password status) often returns nothing or just 0 after running. Regardless if an EFI password is set or not.

sudo /Library/Application\ Support/JAMF/bin/setregproptool -c

So below is a different version of the before linked Extension Attribute, using “expect” & maybe a inelegant check.. but hey, if it works!

Continue reading

Need to find out if a Mac has an Wireless Card?

Standard
UPDATE: Updated to now work with Lion

The Extension Attribute below checks to see if Mac has either an  Airport  or  Wireless & returns “Yes” is the Mac has one & “No” if it doesn’t.

Continue reading

Get Silverlight Version

Standard

The below Extension Attribute checks if Microsofts Silverlight Plugin is installed, if it’s not it returns the message not installed, if it is installed it returns the version number.

Continue reading