Cookgoh

**Name of the Vulnerable Software and Affected Versions** Jamf Self Service version 10.9.0 **Description** The issue allows man-in-the-middle attackers to obtain a root shell. This is achieved by leveraging the "publish Bash shell scripts" feature to insert a specific command into the TCP data stream, which enables the execution of `/Applications/Utilities/Terminal app/Contents/MacOS/Terminal`. **Recommendations** For Jamf Self Service version 10.9.0, consider disabling the "publish Bash shell scripts" feature as a temporary workaround until a patch is available. Restrict access to sensitive features to minimize the risk of exploitation.