Ivanti Patches Zero-Days Used in Code Execution Attacks

Ivanti urged customers on Thursday to apply security patches for its Endpoint Manager Mobile (EPMM) software to address two critical zero-day vulnerabilities. The flaws, which have been actively exploited in the wild, can be chained together by attackers to achieve remote code execution on targeted systems. The company issued the warning after identifying that threat actors were leveraging these bugs in real-world attacks, potentially compromising enterprise mobile infrastructure.

The vulnerabilities reside within the EPMM platform, which is widely used by organizations to manage and secure mobile devices. Ivanti did not disclose the technical specifics of the flaws but emphasized the urgency of applying the fixes to prevent unauthorized access and control.

Customers are advised to update their systems immediately to mitigate the risk. The company’s disclosure highlights the growing trend of zero-day exploits targeting enterprise software and the need for organizations to maintain rigorous patch management practices to defend against evolving cyber threats.