Jamf.app is damaged and cannot be opened

bwoods
Valued Contributor

Noticed this message on one of my pilot machines today. I had to reinstall the framework via the API. Anyone seen this on version 10.44.1 or 10.45.0 of Jamf Cloud? User is running macOS Ventura 13.2.

13 REPLIES

piotrr
Contributor III

Errr, not yet but thanks for the scare. 

Any idea how it happened? 

Daniel_Mork
New Contributor II

I just got this error after upgrading a Mac from 12.6.4 to 13.3.1.

JAMF Cloud Version: 10.45.0-t1678116779

bwoods
Valued Contributor

@Daniel_Mork , I'm noticing this happening on my clients as they update to 13.3.1 as well. Seems like Ventura's security framework is a bit overzealous. 

Daniel_Mork
New Contributor II

Thanks for the extra info. A simple un-enrollment and re-enrol back into JAMF has fixed it, but hoping when I start upgrading customers this doesn't happen regularly. Thankfully this was a test machine.

bwoods
Valued Contributor

@Daniel_Mork I would advise opening a ticket with Jamf support. Others in the Macadmins Slack are seeing it too. Imagine re-enrolling your fleet on a large scale.

bwoods
Valued Contributor

You can just redeploy the framework via API by the way.

erickj
New Contributor II

Did anything new come of this?  Seeing some systems just going through enrollment with the issue.

bwoods
Valued Contributor

@erickj , this is basically how Apple intends for Gatekeeper to behave now. They gave some warning that changes were being made, but they were never transparent about what admins and vendors can and cannot do. From what I've seen in the past, Apple will never change Gatekeeper back to the way it was. Admins and vendors just have to adjust the changes that they've made; even though we don't know what they are exactly. (sucks)

I've opened a ticket with Jamf to warn them. This may affect their business.

https://eclecticlight.co/2022/06/17/app-security-changes-coming-in-ventura/

https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#rapid-security-res...

https://www.kolide.com/blog/the-security-and-it-admin-s-guide-to-macos-ventura

mredell
New Contributor

@bwoods did Jamf ever get back to you about a fix for this? Or is un-enrolling and reenrolling the way to go? I'm now seeing it with an end user in our environment.

bwoods
Valued Contributor

@mredell , nothing much came from my ticket. I created an API script that my techs can run from Self Service to redeploy the framework when they run into the issue. Running "sudo jamf update -forceUpdate" also fixes a majority of these issues. The script below is for instances in which the binary is completely broken. The issue predominantly happens after a binary update.

#!/bin/bash
# bash rather than sh: the script relies on here-strings (<<<).

# Name: redeployJamfFramework.sh
# Author: Brandon Woods

# Date 05/18/2023
# This will allow technicians to redeploy a machine's framework from Self Service without needing to reference the API username or password.
# The script also encodes the API credentials to prevent bad actors from stealing our information.

# Server connection information
url="https://yourinstance.jamfcloud.com"
# API account credentials, supplied as Jamf policy script parameters 4 and 5
username="$4"
password="$5"

# local variables
currentUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
currentUID=$( id -u "$currentUser" )

# functions
Serial(){
	# Prompts the logged-in user twice for the serial number that the Jamf framework
	# should be redeployed to, and prints it once both entries match.
	/bin/launchctl asuser "$currentUID" sudo -iu "$currentUser" /usr/bin/osascript <<APPLESCRIPT
	set validatedSerial to false
	repeat while (validatedSerial = false)
	-- Prompt the user to enter the serial number
	display dialog "Please enter the serial number." with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:com.apple.macbookpro-16-space-gray.icns" default answer "" buttons {"Continue"} default button "Continue"
	set serialEntry to (text returned of result)
	display dialog "Please re-enter the serial number." with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:com.apple.macbookpro-16-space-gray.icns" default answer "" buttons {"Continue"} default button "Continue"
	if text returned of result is equal to serialEntry then
	set validatedSerial to true
	serialEntry
	else
	display dialog "The serial numbers you have entered do not match. Please enter matching serial numbers." with title "Serial Number Validation Failed" buttons {"Re-Enter Serial Number"} default button "Re-Enter Serial Number" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:com.apple.macbookpro-16-space-gray.icns"
	end if
	end repeat
APPLESCRIPT
}

initializeFrameworkRedeployment(){
	# create base64-encoded credentials for HTTP Basic auth
	# (base64 is an encoding, not encryption; printf '%s' keeps any % or \ in the password literal)
	encodedCredentials=$( printf '%s:%s' "$username" "$password" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )
	
	# request auth token
	authToken=$( curl -s -X POST "${url}/api/v1/auth/token" -H "accept: application/json" -H "Authorization: Basic ${encodedCredentials}" )
	
	# parse authToken for bearertoken, omit expiration
	token=$(/usr/bin/awk -F \" 'NR==2{print $4}' <<< "$authToken" | /usr/bin/xargs)
	if [ -z "$token" ]; then
		echo "Could not obtain an API token." >&2
		exit 1
	fi
	
	serialNumber=$(Serial)
	
	# Determine Jamf Pro device id
	deviceID=$(curl -s -H "Accept: text/xml" -H "Authorization: Bearer ${token}" "${url}/JSSResource/computers/serialnumber/${serialNumber}" | xmllint --xpath '/computer/general/id/text()' - 2>/dev/null)
	echo "$deviceID"
	
	# Redeploy Jamf Framework (url already includes the https:// scheme); skipped if no device id was found
	if [ -n "$deviceID" ]; then
		curl -s -X POST "${url}/api/v1/jamf-management-framework/redeploy/${deviceID}" -H "accept: application/json" -H "Authorization: Bearer ${token}"
	else
		echo "No computer record found for serial number ${serialNumber}." >&2
	fi
	
	# Invalidate the token. The original call to auth/keep-alive returned a fresh,
	# still-valid token in its response body, which would end up in the policy log.
	curl -s -o /dev/null -X POST "${url}/api/v1/auth/invalidate-token" -H "Authorization: Bearer ${token}"
}

# Script Execution
initializeFrameworkRedeployment
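
An added example, not part of the script above or of Jamf's own code: three helpers that tighten the same redeploy flow by validating the typed serial number before it reaches the URL, parsing the token by key name, and handing the Authorization header to curl on stdin so it does not appear in the process list. The function names, the 8-14 character serial range and the sample values are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: helper names, the serial length range and all sample values
# are assumptions constructed for illustration.
LC_ALL=C; export LC_ALL   # byte-wise ranges, so [A-Z] never matches lowercase

# Accept only plausible serial numbers (assumed: 8-14 uppercase letters/digits)
# so dialog input cannot add path segments or a query string to the API URL.
valid_serial() {
	case "$1" in
		*[!A-Z0-9]*) return 1 ;;
	esac
	[ "${#1}" -ge 8 ] && [ "${#1}" -le 14 ]
}

# Extract the "token" value by key name rather than by line number, so a
# compact or reordered JSON response still parses.
extract_token() {
	printf '%s' "$1" | tr -d '\n' |
		sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print a curl config for `curl --config -`. The Authorization header then
# arrives on stdin and never shows up in the process argument list.
# $1 = scheme (Basic or Bearer), $2 = credential limited to token68 characters,
# which rules out quotes and newlines that could inject extra config lines.
auth_config() {
	case "$2" in
		""|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
	esac
	printf 'header = "Authorization: %s %s"\n' "$1" "$2"
	printf 'header = "Accept: application/json"\n'
}

# Offline demo on a constructed auth response (no network access).
sample='{ "token" : "constructed.sample.token", "expires" : "2023-05-18T20:00:00Z" }'
valid_serial "C02XK1ABJG5H" && auth_config Bearer "$(extract_token "$sample")"

# Against a live server the config would be piped into curl, e.g.:
#   auth_config Bearer "$token" | curl -s --config - -X POST \
#     "${url}/api/v1/jamf-management-framework/redeploy/${deviceID}"
```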