Author: Melodie Foster

Date: 27th November 2020

 

Government security experts are urging organisations to patch a flaw in MobileIron products that causes remote code execution and it is currently being exploited in the wild.

GCHQ’s National Cyber Security Centre sent out an alert urging organisations to patch the critical bug. The alert pointed out that the bug could allow a remote attacker to execute arbitrary code on a system. It also pointed out that the US Cybersecurity and Infrastructure Security Agency had mentioned in October that the vulnerability was being chained with the Zerologon bug in attacks.

The alert also said, “A proof of concept exploit became available in September 2020 and since then both hostile state actors and cyber-criminals have attempted to exploit this vulnerability in the UK.” The alert also mentioned how systems have successfully been compromised because of the latest updates not being installed. Furthermore, “the healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.”[1]

The bug affects MobileIron’s mobile device management systems and the affected versions are 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0. A patch has been available sine June and MobileIron recommends to “Apply one of the following patches (v10.3.0.4, v10.4.0.4, v10.5.1.1, v10.5.2.1, v10.6.0.1) or update to a later version.” [2]

[1] https://www.infosecurity-magazine.com/news/uk-spies-urge-firms-patch/

[2] https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Receive knowledge to your inbox