UK Spies Urge Firms to Patch MobileIron Bug ASAP

UK government security experts are urging organizations to rapidly patch a remote code execution flaw in MobileIron products that is being actively exploited in the wild by nation-state groups.



The notice from GCHQ’s National Cyber Security Centre (NCSC) explained that CVE-2020-15505, which affects the mobile device management company’s MobileIron Core and Connector products, could allow a remote attacker to execute arbitrary code on a system.



It also noted that the US Cybersecurity and Infrastructure Security Agency (CISA) pointed out in October that the vulnerability was being chained with the Zerologon bug CVE-2020-1472 in attacks.



Although the identity of the nation-state actors was not disclosed, the vulnerability was recently featured on the NSA’s Top 25 list of the most exploited bugs by Chinese attackers.



“A proof of concept exploit became available in September 2020 and since then both hostile state actors and cyber-criminals have attempted to exploit this vulnerability in the UK,” noted the NCSC alert.



“These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting (T1505.002). In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.”



A patch has been available since ..