Author: Melodie Foster
Date: 27th November 2020
Government security experts are urging organisations to patch a flaw in MobileIron products that causes remote code execution and it is currently being exploited in the wild.
GCHQ’s National Cyber Security Centre sent out an alert urging organisations to patch the critical bug. The alert pointed out that the bug could allow a remote attacker to execute arbitrary code on a system. It also pointed out that the US Cybersecurity and Infrastructure Security Agency had mentioned in October that the vulnerability was being chained with the Zerologon bug in attacks.
The alert also said, “A proof of concept exploit became available in September 2020 and since then both hostile state actors and cyber-criminals have attempted to exploit this vulnerability in the UK.” The alert also mentioned how systems have successfully been compromised because of the latest updates not being installed. Furthermore, “the healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.”
The bug affects MobileIron’s mobile device management systems and the affected versions are 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0. A patch has been available sine June and MobileIron recommends to “Apply one of the following patches (v10.3.0.4, v10.4.0.4, v10.5.1.1, v10.5.2.1, v10.6.0.1) or update to a later version.” 
Cyberfort Colocation Services
Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >
Cyberfort Deep Dives
Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >