MobileIron Flaw Causes Remote Code Execution

The alert also said, “A proof of concept exploit became available in September 2020 and since then both hostile state actors and cyber-criminals have attempted to exploit this vulnerability in the UK.” The alert also mentioned how systems have successfully been compromised because of the latest updates not being installed. Furthermore, “the healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.”[1]

The bug affects MobileIron’s mobile device management systems and the affected versions are 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0. A patch has been available sine June and MobileIron recommends to “Apply one of the following patches (v10.3.0.4, v10.4.0.4, v10.5.1.1, v10.5.2.1, v10.6.0.1) or update to a later version.” [2]

[1] https://www.infosecurity-magazine.com/news/uk-spies-urge-firms-patch/

[2] https://www.mobileiron.com/en/blog/mobileiron-security-updates-available