A researcher exploited an unauthenticated remote code execution (RCE) vulnerability in MobileIron Mobile Device Management (MDM).
MobileIron MDM is a third-party service used by Facebook employees, and its flaws affect user safety. The researcher found a critical vulnerability in MobileIron MDM, the Mobile Device Management (MDM) system that the social network giant uses to control employees’ corporate devices.
The researcher reported three critical vulnerabilities: arbitrary file reading (CVE-2020-15507), remote code execution (RCE) (CVE-2020-15505), and remote bypass of the authentication measures in place (CVE-2020-15505).
The flaws were reported to MobileIron, which immediately released a security patch to fix them. Researchers then monitored companies to see whether they applied the patch, since applying the patch is all that really matters.
One of the companies monitored was Facebook. After 15 days of tracking, it was found that its team had taken no action. The researcher then decided to take control of Facebook’s server, after which Facebook decided to act on the situation.
Facebook has been involved in various data breaches and hacking attempts. When the organization does not take such matters seriously, it raises alarm among its users. Taking these vulnerabilities lightly will only worsen the situation and the organization's reputation.
NPAV recommends that organizations keep track of their own systems as well as those of all partner organizations involved in their operations. Install NPAV on your devices to keep them protected from all kinds of cyber attacks.
Use NPAV and join us on a mission to secure the cyber world.