Actively exploited Ivanti Endpoint Manager Mobile zero-day addressed

Patches have been issued by Ivanti for a zero-day authentication bypass flaw in its Endpoint Manager Mobile device management software previously known as MobileIron Core, which has already been actively exploited by threat actors, BleepingComputer reports. Ivanti EPMM versions 11.10, 11.9, and 11.8, as well as other older releases are impacted by the flaw, tracked as CVE-2023-35078, which could be leveraged to facilitate the compromise of personally identifiable information and the implementation of server changes, according to a private bulletin by Ivanti, which noted that less than 10 of its customers have been affected by the exploitation but dismissed the presence of a supply chain attack. On the other hand, more than 2,900 MobileIron user portals were discovered in a Shodan search to be accessible online, most of which are in the U.S., Germany, the U.K., and Hong Kong. U.S. state and local government agencies were also discovered to account for 36 of the exposed servers.