KeRanger ransomware, an attempt at detection & removal via the JSS

Transmission is a popular BitTorrent client for Mac. Over the weekend it emerged that a version of the app available from the project's website had been swapped with another version.

This version contained the KeRanger ransomware, which seems to be the first functioning example of ransomware affecting OS X.

Below is more information, as well as a script that should alert or clean up affected Macs.

Sparkle Updater Framework HTTP man-in-the-middle vulnerability

Sparkle is an open source update framework used within thousands of Mac apps, including my own AutoCasperNBI & AutoImagrNBI.

A vulnerability within it was recently disclosed, with an update to Sparkle issued soon after.

However, the update may take some time to reach all the apps that are on the Macs that we admin. So below is some more detail, along with methods of mitigation & detection.

Check EFI Password State Extension Attribute

JAMF have a great article on deploying the binary needed to set a firmware password on 2010+ Macs via the Casper Suite, here.

I recently had a chance to play with it, but found that the below command (which is used by the following EA to check EFI Password status) often returns nothing or just 0 after running, regardless of whether an EFI password is set or not.

So below is a different version of the previously linked Extension Attribute, using “expect” & maybe an inelegant check... but hey, if it works!

Need to find out if a Mac has a Wireless Card?

UPDATE: Updated to now work with Lion

This Extension Attribute checks to see if a Mac has either an Airport or Wireless & returns “Yes” if the Mac has one & “No” if it doesn’t.

Get Silverlight Version

Checks if Microsoft’s Silverlight Plugin is installed. If it’s not, it returns the message not installed; if it is installed, it returns the version number.