MobileIron Flaw Causes Remote Code Execution

Author: Melodie Foster

Date: 27th November 2020

Government security experts are urging organisations to patch a flaw in MobileIron products that causes remote code execution and it is currently being exploited in the wild.

GCHQ’s National Cyber Security Centre sent out an alert urging organisations to patch the critical bug. The alert pointed out that the bug could allow a remote attacker to execute arbitrary code on a system. It also pointed out that the US Cybersecurity and Infrastructure Security Agency had mentioned in October that the vulnerability was being chained with the Zerologon bug in attacks.

The alert also said, “A proof of concept exploit became available in September 2020 and since then both hostile state actors and cyber-criminals have attempted to exploit this vulnerability in the UK.” The alert also mentioned how systems have successfully been compromised because of the latest updates not being installed. Furthermore, “the healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.”[1]

The bug affects MobileIron’s mobile device management systems and the affected versions are 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0. A patch has been available sine June and MobileIron recommends to “Apply one of the following patches (v10.3.0.4, v10.4.0.4, v10.5.1.1, v10.5.2.1, v10.6.0.1) or update to a later version.” [2]

[1] https://www.infosecurity-magazine.com/news/uk-spies-urge-firms-patch/

[2] https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

MobileIron Flaw Causes Remote Code Execution

Author: Melodie Foster

Date: 27th November 2020

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta