Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. The flaw was patched back in June, but a proof of concept exploit became available in September. The issue (CVE-2020-15505) ranks 9.8 out of 10 on the CVSS severity scale, making it critical. MobileIron recommends that customers apply these patches and any security updates as soon as possible, the company said.
Source: https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/