Zombieloadattack and force updating MacOS

10.14.5 was released today. At the same time news of a brand new vulnerability that can get low-level access to your Macs memory. Well not all Macs, but if it was built in the last 10 year basically.  But wait there is more! The awesome thing about it is that it’s can be done when you are visiting a website.

Here is some more info about it -> https://zombieloadattack.com

This means I need to deal with this update quickly. We had the policy to delay updates so we will need to rethink it.


Here is the plan of action for tomorrow:


First I would really like to thank my previous self and our team for setting up Jamf last year so we don’t need to run around now.


1. Smart group – Macs not upgraded to 10.14.5.

2. Policy – Create an APFS snapshot for rollback, just in case. Trigger next policy

3. Policy – cache the MacOS installer on the client machine.

4. Smart group – Macs that have the finished caching the latest update package. Assign to the next policy.

5. Policy – give a popup every 4 hours to the users to save their work, close all apps and run the update. Let them know why we are doing this and that it might take 30 min.


I do have a few questions for you guys:

How are you dealing with urgent updates?

Where do you get your security news?


UDPATE – Created a follow up article:



2 thoughts on “Zombieloadattack and force updating MacOS

  1. Can you give your JAMF workflow/how-to for step 2. Policy – Create an APFS snapshot for rollback, just in case. Trigger next policy?

    We are doing the same short of the snapshot. Also for step 5 I’m curious on the notification as well. We use “alertr” but without looking I believe policies can only be ran once per day in JAMF.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s