Security News > 2023 > August > Ivanti discloses new critical auth bypass bug in MobileIron Core

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software.

"MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.

"This vulnerability does not affect any version of Ivanti Endpoint Manager or MobileIron Core 11.3 and above, or Ivanti Neurons for MDM. Our Support team is always available to help customers to upgrade," Ivanti said in a separate security advisory.

Cybersecurity firm Rapid7, which discovered and reported the bug, provides indicators of compromise to help defenders detect signs of a CVE-2023-35082 attack and urges Ivanti customers to update MobileIron Core software to the latest version immediately.

Ivanti patches MobileIron zero-day bug exploited in attacks.

CISA issues new warning on actively exploited Ivanti MobileIron bugs.

News URL

https://www.bleepingcomputer.com/news/security/ivanti-discloses-new-critical-auth-bypass-bug-in-mobileiron-core/