Software Giant Ivanti Discloses Active Exploitation of Endpoint Manager Mobile Vulnerabilities

By Netvora Tech News

---

Ivanti, a leading provider of IT management and security solutions, has disclosed that its Endpoint Manager Mobile (EPMM) software has been actively exploited by attackers, exploiting vulnerabilities in the product's mobile management engine. EPMM is a software engine that enables mobile device management (MDM) capabilities, allowing organizations to manage mobile devices, such as approved applications and policies.

According to Ivanti, the exploited vulnerabilities are located in open-source libraries used by EPMM and have not yet been assigned CVE numbers. The company has released a security bulletin with more information, but it is only available to registered customers.

Ivanti has identified that a limited number of customers have been affected by the vulnerabilities, but the company has not disclosed the exact number of impacted customers or the timing of the attacks. The company is urging organizations to install the available patch immediately to mitigate the risk of exploitation.

History of Exploitation

The vulnerabilities in EPMM have been exploited in the past, with Ivanti citing an example of an attack against the Norwegian government. This is not the first time that EPMM has been targeted by attackers, highlighting the importance of timely patching and proactive security measures.

Action Required

• Organizations using EPMM should immediately install the available patch to mitigate the risk of exploitation.
• Customers should ensure that their systems are up-to-date and running the latest version of EPMM.
• IT teams should conduct regular security audits and vulnerability assessments to identify and remediate any potential security issues.

Ivanti's disclosure serves as a reminder of the importance of prioritizing security and patching vulnerable software components to prevent exploitation by attackers.