Security Portal
This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company as well as specific resources for our Jamf Pro product offering.
Jamf has been building the world’s leading solutions to help secure and manage Apple products since 2002. Jamf's commitment to data privacy and security is embedded in every part of our business. For further information, please reach out to info@jamf.com to start working with us!
Documents
Additional Evidence
Additional Evidence
Additional Evidence will be provided here if applicable.
Project Glasswing, Claude Mythos - Jamf Statement
Jamf takes Project Glasswing and Anthropic's Mythos initiative seriously and we're already moving. Mythos is a large-scale, coordinated effort to surface and disclose previously unknown vulnerabilities across widely deployed software and hardware. While no specific vulnerabilities have been identified in Jamf products at this time, the sheer scale and pace of anticipated disclosures demand that we stay ahead of it. Our security leadership and executive team are actively monitoring developments, strengthening our vulnerability management program, and expanding our use of AI-driven penetration testing and external attack surface assessments across Jamf Cloud and its dependencies.
Jamf is not a participant in Project Glasswing, but we're watching every public disclosure closely and assessing each for relevance to our product suite. Our vulnerability management program is built on layered security practices including static and dynamic code analysis, software composition analysis, and runtime vulnerability scans. It includes both prioritized and emergency patching workflows so we can move fast when it counts. Our incident response program is grounded in the NIST SP 800-61 framework, and we're reviewing our capacity, tooling, and processes to ensure we can scale our response to match the volume. When patches affect platform behavior or require action on your end, we'll reach out through our standard notification channels before or as those changes happen. We're committed to keeping you informed and giving you everything you need to plan and respond with confidence.
CVE-2025-55182 and CVE-2025-66478 - No Impact to Jamf
After a thorough security review we can confirm that Jamf is not affected by these specific vulnerabilities.
We will continue our security monitoring for the CVE's and any further updates will be posted here.
Detailed information on the CVE's can be found here:
CVE-2025-55182
CVE-2025-66478
F5 Security Incident - No Impact to Jamf
Jamf is aware of the recent F5 security incident and can confirm that we are not affected as we do not use any F5 applications within our customer facing environments.
Jamf is also not aware of any sub-processors that have been affected by this incident.
Further details on this incident can be found here: F5 Security Incident.