Jamf Pro critical security vulnerability – PI-007507

Last night, Jamf released Jamf Pro 10.13.1 & 10.15.1. These were released due to PI-007507. 

This PI is noted as a “critical security vulnerability” which “does not pose a risk to private data or managed devices. It does have the potential to impact the integrity and availability of your web server” but “impacts versions of Jamf Pro 9.4 and later”.

As Jamf Pro 10.15.0 was only released 19 days ago, 10.15.1 is the 10.15.0 release with PI-007507 having been patched.

However, for organisations that are still on Jamf Pro 10.13.0 or below due to the move to Java 11 needed for Jamf Pro 10.14.0+, Jamf have released 10.13.1, which is also patched.

Please read the following Jamf Nation post for more information, & if you’re not on a recent Jamf Pro release please also see this post before any upgrades are attempted.

#iamroot – Oops!… I Did It Again / redux

This post is a redux of the #iamroot vulnerability. The vulnerability was fully patched in 10.13.2, so there is nothing new here.

Secondly, this is also another excuse to post a dancing Groot gif.

#imaroot – it’s fixed, something’s broken, fixed that now too

A couple of days ago I posted on the #iamroot vulnerability. Well, it’s now been fixed by Apple (yay!), but this then broke something else (boo!).

See below for a round-up & some more detail on the above.

#iamroot High Sierra Root Vulnerability

UPDATE: Please see https://macmule.com/2017/11/30/imaroot-its-fixed-somethings-broken-fixed-that-now-too/

Earlier tonight I was pointed to a tweet that seemed to show an easy manner in which people on High Sierra were able to simply enable root.

Well, the vuln is real. See below for a link to a fix for the issue whilst we wait for Apple to push a High Sierra update.
