Security update: datajar.mobi and log4shell (CVE-2021-44228)
On Thursday, December 9, 2021, a zero-day vulnerability in a Java logging library named log4j was disclosed. If exploited, this vulnerability could result in Remote Code Execution (RCE) when the library logs a specially crafted string.
According to the Randori attack team, which has managed to develop a working exploit and successfully leverage this vulnerability in customer environments: “The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.”
Is there a threat to datajar.mobi customers?
As log4j is one of the default libraries used within Jamf Pro, our Platforms team responded immediately to understand the problem and identify the potential impact to our datajar.mobi infrastructure, if any.
On Friday, December 10, 2021, we tested a variety of exploit proof-of-concepts (POCs) to validate mitigation techniques, and were not successful in triggering this exploit in any of our datajar.mobi instances.
Jamf responded by releasing Jamf Pro 10.34.1 around 02:00 (UTC) on Saturday, December 11, 2021. This patched release was tested and rolled out to all datajar.mobi instances from 08:30 to 11:30 on Saturday, December 11, 2021, under an emergency maintenance window.
How serious is this vulnerability?
While this is a potentially serious vulnerability, our team has not come across any indication or evidence of successful exploitation of this CVE in any of the Jamf Pro instances hosted in the dataJAR cloud. We have carried out extensive log monitoring on all datajar.mobi instances without encountering any indications of compromised systems or suspicious activity.
For more information on CVE-2021-44228, please see:
- Jamf – Mitigating the Apache Log4j 2 Vulnerability
- Randori – CVE-2021-44228 – Log4j 2 Vulnerability Analysis
What about additional Jamf products?
Jamf has listed all their products and advised on their vulnerability status in this Jamf Nation post. In addition, an update has been released for Jamf Infrastructure Manager that addresses the vulnerability.
Update, 20/12/2021:
The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.16.0, which remediated a log4j vulnerability (CVE-2021-45046 in addition to CVE-2021-44228). It is strongly recommended that you upgrade to Jamf Pro 10.34.2 as soon as possible.
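A version check an administrator could run against a self-hosted install to confirm that the bundled library is at 2.16.0 or later, as an added example that is not Jamf's or dataJAR's code. The directory to scan is an assumption supplied on the command line, and the script treats any log4j-core JAR below 2.16.0 as needing the upgrade.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 16, 0)  # Log4j 2 version the advisory says the updated installers ship
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def core_version(jar_path):
    """Return log4j-core's version for a JAR, or None if it is not log4j-core."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM in jar.namelist():  # Maven metadata survives a renamed JAR
                props = jar.read(POM).decode("utf-8", "replace")
                match = re.search(r"^version=(.+)$", props, re.MULTILINE)
                if match:
                    return parse_version(match.group(1).strip())
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    match = NAME_RE.search(Path(jar_path).name)
    return parse_version(match.group(1)) if match else None


def audit(root):
    """Return sorted (path, version, needs_upgrade) per log4j-core JAR under root."""
    findings = []
    for jar_path in Path(root).rglob("*.jar"):
        version = core_version(jar_path)
        if version is not None:
            findings.append((str(jar_path), version, version < FIXED))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # assumed: install directory
    for path, version, stale in audit(root):
        status = "UPGRADE" if stale else "ok"
        print(f"{status:8}{'.'.join(map(str, version))}  {path}")
```

The scan only sees JAR files that sit on disk; a JAR packed inside an unexpanded WAR or another JAR is not opened.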
We are here to help.
If you are a datajar.mobi customer and have any further questions/comments or would like assistance in upgrading your Jamf Infrastructure Manager, please email support@datajar.co.uk.