Jamf Pro and log4shell (CVE-2021-44228)

Standard

A couple of days ago, a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Log4j 2 utility was disclosed publicly via the project’s GitHub.

The vulnerability itself allows for Remote Code Execution (RCE) by logging a certain string, with the potential the impact of the exploit being full server control.

More information on this vulnerability can be found at numerous sources, including the below:

Log4j 2 is included within Jamf Pro for logging, but don’t panic!

If you’re a Jamf Cloud customer, then this has already been mitigated as per this post on Jamf Nation.

If you self host Jamf Pro, then the below applies:

Jamf Pro versions older than 10.14 are vulnerable to this issue. Versions 10.14 through 10.34 include Java 11, which partially mitigates the issue. The Jamf Pro 10.34.1 release was made available to address the issue completely. Please update to this version as soon as possible.

https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

If you cannot upgrade to 10.34.1, you can manually update Log4j as per the steps documented here.

And, if you are having to upgrade from a few versions behind, don’t go alone.. take this.

Patch Solutions on the Jamf Marketplace

Standard

On the last day of this years JNUC, it was my honour to be included in a panel titled “Patch Solutions on the Jamf Marketplace” (the content of which is pretty self explanatory) alongside Armin Briegel, Ryan Ball and Sam Weiss.

See below for a link to the panels video, as well as links to the marketplace entries for the items discussed.

Continue reading

Managing iPads, for the Mac Admin

Standard

During day one of this years JNUC, I gave a talk titled “Managing iPads, for the Mac Admin”.

The premise of this talk was to touch on on things which are both familiar and unknown, when it comes to being a Mac Admin suddenly tasked with managing iPads.

Below you’ll find a link to the talks video and a link to the talks GitHub repo.

But, be warned.. I had 30 minutes to deliver over 100 slides and a little cold too.. so those that find my accent difficult at normal speed, might need to slow this one down or read the subtitles (which don’t appear to have any exciting surprises this time).

Continue reading

Maintenance completed!

Standard

Hopefully, all 229 posts from the past eleven years and two months have all been sorted.

All the code examples have been moved to gists from repos, and they will now show inline natively.

There was also still some http:// items from way back when this blog was just http://, which have been moved to https.

And, there was some images missing.. for $reasons.

I’ve also rejigged some backend stuff and removed some older plugins.

So, a fair bit or maintenance over the past 11 days. Let me know if any issues encountered.

Lastly, once more, thanks to @SudarMuthu for the WP Github Gist plugin which served this blog so well.

Where did the code examples go? Well…

Standard

A few folks have noticed that the code examples have disappeared from my posts, well.. I was using a plugin called WP Github Gist to display the code as this blog has been around since before WordPress added native support for Gists.

However, this plugin no longer works.

But, don’t panic!! Things will come back, I just need to manually update the 229 posts here (over 11 years worth), to use Gists.

One of this things I most liked about WP Github Gist and will miss, was the fact that I could link to lines within a file within a GitHub repo and has them displayed. Instead of creating a gist per post (as an example, this file was used across a number of posts).

So, there is some work for me to do.

If you’re looking at a post, and are missing the content, please message me on Slack or Twitter.

No SLA mind, but I’ll look to update the posts requested over the older ones.

And lastly, thanks to @SudarMuthu for the WP Github Gist plugin which served this blog so well.

Notifications showing a prohibitory symbol after upgrading to macOS Monterey

Standard

After upgrading to macOS Monterey, you might see notifications like the above.

If so, the simple solution is to logout and then back in (or restart) or alternatively to restart the Notification Center via:

/usr/bin/killall NotificationCenter

This seems to correct things, without any deeper delving into the issue.

Many thanks for @nstrauss and @Tyler Sparr for mentioning this on the macadmins slack, and raising an issue for Notifier too.

Apple Business Manager and School Manager Terms Update – October 25, 2021

Standard

Yesterday, Apple issued updated terms to both Apple Business Manager and Apple School Manager.

Not much has changed here from my prior posts on these and the on the mechanisms at play here and the impact.

The impact of not agreeing these terms are:

In Apple School Manager, Apple Business Manager, and the Device Enrollment Program, you can’t assign new devices to your MDM server, even if you have selected the option to automatically assign new purchases to a specific MDM server.

https://support.apple.com/en-gb/HT203063

So, get and AxM admin reading and approving!

And, if you’re new to these changes or want a recap please see this post.

macOS Monterey prompt: “…..” needs to be updated

Standard

During your testing of macOS Monterey (betas or today after it’s release), you might receive a prompt like that shown above.

Well, does this mean that the “JamfManagementService” needs an update? Nope! and, to be clear, this is something you’ll likely see even if you don’t use Jamf.

Below is some information on this message, what triggers it, and how to start to uncover what on your macOS devices are triggering it.

Continue reading

Jamf Switcher – 1.3.1

Standard

Yesterday, we released Jamf Switcher, bringing the app to 1.3.1.

This release is needed if you’re running Jamf Pro 10.33+.  Due to the Self Service Bookmark XML in Jamf 10.33.0 changing the element  <attribute name="jssdescription" type="string">JSS</attribute> to: <attribute name="serverdescription" type="string">JSS</attribute>.

Without this change, no data is shown.

Jamf Switcher will now check for either XML element, meaning this release will work for 10.33+ and prior.

Signing up to Adobe Creative Cloud product update emails

Standard

If you deploy Adobe Creative Cloud, and you’re not leaving folks to solely update via the Creative Cloud Desktop App, you might want to be notified on new updates.

Well, Adobe does have a way to notify you via email. But it’s a little hidden, and doesn’t cover all Adobe Creative Cloud products.

See below for how to subscribe to these email updates.

Continue reading