Jamf Blog

A 0-click vulnerability that was identified by Jamf Threat Labs is reproduced, alongside a breakdown of how it works and why it is critical to protect your iOS-based mobile fleet from CVE-2021-30860.

Jamf Threat Labs team investigates the 0-click vulnerability affecting Wi-Fi that permits remote code execution (RCE) if exploited, triggering a Denial of Service (DoS) attack, among others. In this blog, the researchers identify what makes the vulnerability possible, how it works and deep dive into the technical details, as well as how to fix the issue to keep your iOS-based fleet protected.

This blog analyzes the CVE-2020-17096 vulnerability and provides a PoC exploit resulting in denial of service.

We detected multiple exploits by the threat actors that recently targeted Aljazeera’s journalists before it was made public. The attack detection was automatically detected using Mobile DFIR.

Due to its popularity, iOS has attracted the attention of a large number of security researchers. Apple is constantly improving iOS security, develops and adapts new mitigations at a rapid pace. In terms of the effectiveness of mitigation measures, Apple increases the complexity of hacking iOS devices making it one of the hardest platforms to hack, however, it is not yet sufficient to block skilled individuals and well-funded groups from achieving remote code execution with elevated permissions, and persistence on the device.

This blog post is the first of multiple in a series of achieving elevated privileges on iOS.

In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. This is part two.

This blog investigates the SMBleed vulnerability that was discoverd during an examination of the vulnerable function SMBGhost.

Jamf Threat Labs team researchers provide a deep dive into triggers that have been found in the wild, relating to the MailDemon vulnerability. Also, techniques on how to uncover this critical security threat.