Jamf Pro critical security vulnerability – PI-007507


Last night, Jamf released Jamf Pro 10.13.1 & 10.15.1. These were released due to PI-007507. 

This PI is noted as a “critical security vulnerability” which “does not pose a risk to private data or managed devices. It does have the potential to impact the integrity and availability of your web server” but “impacts versions of Jamf Pro 9.4 and later”.

As Jamf Pro 10.15.0 was only released 19 days ago, 10.15.1 is the 10.15.0 release with PI-007507 patched.

However, for organisations that are still on Jamf Pro 10.13.0 or below due to the move to Java 11 needed for Jamf Pro 10.14.0+, Jamf have released 10.13.1, which is also patched.

Please read the following Jamf Nation post for more information, & if you’re not on a recent Jamf Pro release please also see this post before any upgrades are attempted.

#iamroot High Sierra Root Vulnerability

UPDATE: Please see https://macmule.com/2017/11/30/imaroot-its-fixed-somethings-broken-fixed-that-now-too/

Earlier tonight I was pointed to a tweet that seemed to show an easy way for people on High Sierra to simply enable root.

Well, the vuln is real. See below for a link to a fix for the issue whilst we wait for Apple to push a High Sierra update.
