Jamf Nation Community

Well I'm not worrying 1 bit about it because it looks like it may only be possible on 32bit systems and only really affects Debian based linux systems. 

Our security team pinged us on this. I opened a ticket with Apple Enterprise Support and received the below response....pretty standard response from Apple. From what I understand this vulnerability only impacts Glibc-based “Debian” Linux operating systems. Apple may not ever provide a specific update to address this if the CVE does not actually impact macOS.

________________________________

Thanks for reaching out to AppleCare Enterprise Support Engineering for assistance today. I understand that you have questions about CVE-2024-6387 and if it affects macOS/iOS.

To protect our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Because of that, I cannot say how and when a resolution will be delivered. Until then, you can monitor security updates from our Product Security team as outlined on the Apple Product Security page: https://www.apple.com/support/security/

The fastest way to hear about software updates for security issues is via Apple’s public security-announce list. If you are not on that list I highly recommend it. You can get information about this list here:

https://lists.apple.com/mailman/listinfo/security-announce

Not that it mattered, but i wrote an EA to check for SSH being enabled, and if it is, then i turn it off https://www.alansiu.net/2020/09/02/scripting-ssh-off-on-without-needing-a-pppc-tcc-profile/ to make security happier.

Has anyone developed a script to push from Jamf Pro to update openSSH?  

update it with what? you'd need to wait for Apple to provide an update right?