Help

RCE 0-day exploit found in log4j

Elies
New Contributor II

Posted on ‎12-10-2021 03:30 AM

hello together!
A zero day exploit has been found which affects the latest version of jamf.
https://www.lunasec.io/docs/blog/log4j-zero-day/

This exploit affects the java logger log4j, which is used by Jamf. If you are hosting an onpremise version, take a look at the JSSAccess.log to check for anomalies.

Reply
42 REPLIES 42

adrw
New Contributor II

‎12-17-2021 01:15 PM - edited ‎12-17-2021 01:16 PM

A new, simpler to exploit, log4j vector using websockets and not much more than a normal page load.

https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ 

 

remediation advise is the same as before, patch log4j to 2.16 and monitor in/out requests

0 Kudos
Reply

donmontalvo
Esteemed Contributor III
In response to adrw

Posted on ‎12-17-2021 01:44 PM

Ok, ok, I didn't really want to go to the movies tonight.

Jamf Pro 10.34.2, here I come.

--
https://donmontalvo.com
0 Kudos
Reply

adrw
New Contributor II
In response to donmontalvo

Posted on ‎12-17-2021 02:42 PM

You bet, we're all eagerly waiting.

I'd rather patch Jamf to 10.34.2 with log4j patch included, then patch log4j in isolation.

0 Kudos
Reply