Posted on 07-02-2024 01:25 AM
Apart from waiting for Apple to release a patch for this, can I ask what other mitigations people are doing or thinking about doing for this recent issue?
Posted on 07-02-2024 05:50 AM
We have pretty hard core adopted zero trust, there is no direct peer to peer access between workstations. About 2 years ago I disabled SSH on our Macs, which did close quite a few vulnerabilities with how lackadaisically Apple likes to patch SSH.
Posted on 07-02-2024 06:45 AM
Well, I'm not worrying one bit about it because it looks like it may only be possible on 32-bit systems and only really affects Debian-based Linux systems.
Posted on 07-02-2024 10:17 AM
Our security team pinged us on this. I opened a ticket with Apple Enterprise Support and received the response below... a pretty standard response from Apple. From what I understand, this vulnerability only impacts Glibc-based “Debian” Linux operating systems. Apple may not ever provide a specific update to address this if the CVE does not actually impact macOS.
________________________________
Thanks for reaching out to AppleCare Enterprise Support Engineering for assistance today. I understand that you have questions about CVE-2024-6387 and if it affects macOS/iOS.
To protect our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Because of that, I cannot say how and when a resolution will be delivered. Until then, you can monitor security updates from our Product Security team as outlined on the Apple Product Security page: https://www.apple.com/support/security/
The fastest way to hear about software updates for security issues is via Apple’s public security-announce list. If you are not on that list I highly recommend it. You can get information about this list here:
Posted on 07-02-2024 12:14 PM
I think Apple should adjust this auto reply. We got pretty much the same thing on the data breach last week.
To protect our shareholders, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available....
Posted on 07-09-2024 10:24 AM
Not that it mattered, but I wrote an EA to check for SSH being enabled, and if it is, then I turn it off (https://www.alansiu.net/2020/09/02/scripting-ssh-off-on-without-needing-a-pppc-tcc-profile/) to make security happier.
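An added example, not the poster's script or code from the linked article: a Jamf Pro extension attribute that reports whether Remote Login (sshd) is enabled and which version Apple's own `/usr/bin/ssh` reports, independent of any Homebrew copy. The `launchctl print-disabled system` output format, the layout of the `<result>` string and the function names are assumptions; the 9.7 threshold is the banner-version rule a later post in this thread says security scanners apply.

```shell
#!/bin/sh
# Added example: Jamf Pro extension attribute (EA) for Remote Login state
# and the Apple-provided OpenSSH version. Reports only; changes nothing.

# Reads `launchctl print-disabled system` output on stdin.
# Assumed formats: "com.openssh.sshd" => disabled|enabled (newer macOS)
#                  "com.openssh.sshd" => true|false       (older; true = disabled)
sshd_state() {
    line=$(grep -F '"com.openssh.sshd"' | head -n 1) || true
    case "$line" in
        *'=> disabled'*|*'=> true'*) echo disabled ;;
        *'=> enabled'*|*'=> false'*) echo enabled ;;
        *)                           echo unknown ;;   # label not listed
    esac
}

# Extracts "9.7" from a banner such as "OpenSSH_9.7p1, LibreSSL 3.3.6".
ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit 0 when the version is 9.7 or lower. This mirrors a scanner's banner
# check; it does not prove the host is exploitable.
at_or_below_9_7() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -le 7 ]; }
}

# Runs only where launchctl exists (macOS). Jamf runs EAs as root.
if command -v launchctl >/dev/null 2>&1; then
    state=$(launchctl print-disabled system 2>/dev/null | sshd_state)
    # Absolute path on purpose: a Homebrew ssh earlier in PATH would
    # otherwise hide the version Apple ships.
    ver=$(ssh_version "$(/usr/bin/ssh -V 2>&1)")
    flagged=no
    if [ -n "$ver" ] && at_or_below_9_7 "$ver"; then
        flagged=yes
    fi
    echo "<result>sshd=$state openssh=${ver:-unknown} flagged=$flagged</result>"
fi
```

A smart group keyed on `sshd=enabled` then scopes the Macs where Remote Login is still on.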
Posted on 07-09-2024 10:28 AM
Not seeing the EA on that link?
Posted on 07-11-2024 05:34 AM
Has anyone developed a script to push from Jamf Pro to update OpenSSH?
Posted on 07-11-2024 05:50 AM
Update it with what? You'd need to wait for Apple to provide an update, right?
Posted on 07-11-2024 05:56 AM
I have the newest version of OpenSSH and used Homebrew to install it on my Mac. I am on 14.5 and was running SSH_9.7. Homebrew worked to install 9.8. I was looking to push this out to our fleet in Jamf due to security seeing anything 9.7 and lower as a vulnerability.
Posted on 07-11-2024 06:08 AM
That doesn’t patch the Apple provided version of ssh. That just installs a second copy that now you have to maintain, configure, and update.
Posted on 07-11-2024 06:28 AM
Ah, thanks for the insight.
Posted on 08-20-2024 07:06 AM
A little late to this, but doesn't Jamf use SSH to communicate/install software?
Posted on 09-17-2024 01:18 PM
No.