Question

Is CVE-2016-0800 affecting Casper Suite?

  • April 8, 2016
  • 3 replies
  • 42 views


Has anyone found any information on whether this is affecting iOS and OS X users in any way?
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0800

3 replies

  • Contributor
  • April 11, 2016

This issue relates to servers/services provided over SSL2. Hopefully, you've switched your server to TLS only. I dropped SSL2 when I dropped SSL3 due to Poodle. If your server supports SSL2, then it may be vulnerable.



@akselzip: As @thoule points out, it looks like this issue is related to SSLv2 as used in certain versions of OpenSSL.

First, the JAMF Distribution Server (JDS) and NetBoot/SUS Appliance still rely on OpenSSL for cryptography, but other JAMF Software products do not, as outlined in the discussion about the Heartbleed vulnerability from April 2014:

Security Update: Heartbleed Bug Vulnerability in OpenSSL

Next, as @thoule mentions, support for SSLv2 was disabled as part of the fix for the SSLv3 POODLE vulnerability in October 2014:

Security Update: SSL version 3.0 "POODLE" Vulnerability
Mitigating the SSL v3.0 POODLE Vulnerability

Finally, we recommend applying the latest patches to servers that are running the JDS and NetBoot/SUS Appliance, and disabling support for SSLv2 and SSLv3 on any servers that are running JSS v9.6 or earlier and/or any load balancers or proxies that you may be using in your environment. Starting with JSS v9.61, only TLS has been supported by default.
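
One way to confirm that a server, load balancer or proxy no longer accepts SSLv2, as the reply above recommends (an added example, not part of the original thread and not JAMF tooling): it sends a bare SSLv2 CLIENT-HELLO and reports whether the reply is an SSLv2 SERVER-HELLO. The host name and port 443 are placeholders, and the check covers SSLv2 only, not SSLv3.

```python
import socket
import struct
import sys

# Current OpenSSL builds cannot speak SSLv2, so the hello is built by hand.
# SSLv2 cipher kinds (3 bytes each), values from the SSLv2 specification.
SSL2_CIPHERS = [
    b"\x01\x00\x80",  # RC4_128_WITH_MD5
    b"\x02\x00\x80",  # RC4_128_EXPORT40_WITH_MD5
    b"\x03\x00\x80",  # RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # RC2_128_CBC_EXPORT40_WITH_MD5
    b"\x06\x00\x40",  # DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # DES_192_EDE3_CBC_WITH_MD5
]

# Constructed sample replies, used to exercise the parser offline.
SAMPLE_SSLV2_HELLO = bytes.fromhex("801b0400010002000000000010") + bytes(16)
SAMPLE_TLS_ALERT = bytes.fromhex("15030100020228")

def build_client_hello(challenge=b"\x00" * 16):
    """Return an SSLv2 CLIENT-HELLO record (2-byte header, high bit set)."""
    specs = b"".join(SSL2_CIPHERS)
    # msg type 1, version 0x0002, cipher-spec len, session-id len, challenge len
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def is_sslv2_server_hello(data):
    """True if data starts with an SSLv2 SERVER-HELLO (msg type 4, version 2)."""
    if len(data) < 7 or not data[0] & 0x80 or data[2] != 4:
        return False  # empty reply, TLS alert/handshake record, or SSLv2 error
    return struct.unpack(">H", data[5:7])[0] == 0x0002

def probe(host, port=443, timeout=5.0):
    """Connect, send the SSLv2 hello, and report whether SSLv2 was accepted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = sock.recv(4096)
        except OSError:  # reset or timeout: the server did not answer in SSLv2
            data = b""
    return is_sslv2_server_hello(data)

if __name__ == "__main__":
    # Placeholder host; pass your own server or load balancer name and port.
    host = sys.argv[1] if len(sys.argv) > 1 else "jss.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    state = "ACCEPTED (disable it)" if probe(host, port) else "refused"
    print(f"{host}:{port} SSLv2 {state}")
```

Run it against every listener that shares the server's certificate and key, including load balancers and proxies in front of it.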


  • Author
  • New Contributor
  • April 13, 2016

Thanks for the information, that was really helpful!