A couple of days ago, a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Log4j 2 utility was disclosed publicly via the project’s GitHub.
The vulnerability itself allows for Remote Code Execution (RCE) by logging a certain string, with the potential impact of the exploit being full server control.
More information on this vulnerability can be found at numerous sources, including the below:
Log4j 2 is included within Jamf Pro for logging, but don’t panic!
If you’re a Jamf Cloud customer, then this has already been mitigated as per this post on Jamf Nation.
If you self host Jamf Pro, then the below applies:
Jamf Pro versions older than 10.14 are vulnerable to this issue. Versions 10.14 through 10.34 include Java 11, which partially mitigates the issue. The Jamf Pro 10.34.1 release was made available to address the issue completely. Please update to this version as soon as possible. https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740
If you cannot upgrade to 10.34.1, you can manually update Log4j as per the steps documented here.
And, if you are having to upgrade from a few versions behind, don’t go alone.. take this.
Last night, Jamf released Jamf Pro 10.13.1 & 10.15.1. These were released due to PI-007507.
This PI is noted as a “critical security vulnerability” which “does not pose a risk to private data or managed devices. It does have the potential to impact the integrity and availability of your web server” but “impacts versions of Jamf Pro 9.4 and later”.
As Jamf Pro 10.15.0 was only released 19 days ago, 10.15.1 is the 10.15.0 release with PI-007507 having been patched.
However, for organisations that are still on Jamf Pro 10.13.0 or below due to the move to Java 11 needed for Jamf Pro 10.14.0+, Jamf have released 10.13.1, which is also patched.
Please read the following Jamf Nation post for more information, & if you’re not on a recent Jamf Pro release please also see this post before any upgrades are attempted.
This post is a redux of the #iamroot vulnerability. The vulnerability was fully patched in 10.13.2, so there is nothing new here.
Secondly, this is also another excuse to post a dancing Groot gif.
A couple of days ago I posted on the #iamroot vulnerability. Well, it’s now been fixed by Apple (yay!), but this then broke something else (boo!).
See below for a round up & some more detail on the above.
UPDATE: Please see https://macmule.com/2017/11/30/imaroot-its-fixed-somethings-broken-fixed-that-now-too/
Earlier tonight I was pointed to a tweet that seemed to show an easy way for people on High Sierra to simply enable root.
Well, the vuln is real. See below for a link to a fix for the issue whilst we wait for Apple to push a High Sierra update.