Skip to main content

Apple @ Work: Ivanti patches a critical bug in Ivanti Endpoint Manager that would allow for device takeover

Apple @ Work is brought to you by Kolide, the device trust solution that ensures that if a device isn’t secure, it can’t access your cloud apps.  If you have Okta, Kolide can help you get your fleet to 100% compliance.  They’re Zero Trust for Okta. Learn more or request a demo today.

Ivanti advises those using its endpoint security product to apply a crucial update. This update addresses a severe flaw that could enable unauthorized attackers to run harmful code within the impacted networks. While there haven’t been any confirmed cases of this vulnerability being exploited, there’s a history of attackers leveraging device management solutions for malicious purposes.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


Ivanti EPM is dealing with a critical SQL injection vulnerability that affected all its supported versions. The issue has been resolved in Ivanti EPM 2022 Service Update 5. This software is used across operating systems and device categories, including macOS Windows, Linux, Chrome OS, and IoT devices. The root of an SQL injection issue lies in improperly written code that mistakenly processes user input as part of commands. This specific vulnerability in Ivanti tracked as CVE-2023-39336, has a high-risk score of 9.6 out of 10.

As part of our ongoing strengthening of the security of our products, we have discovered a new vulnerability in Ivanti EPM. We are reporting this vulnerability as CVE-2023-39336. We have no indication that customers have been impacted by this vulnerability.

This vulnerability impacts all supported versions of the product, and the issue has been resolved in Ivanti EPM 2022 Service Update 5.

If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server.

Malicious hackers have become focused on hijacking vulnerable endpoints and using them to access data and corporate networks. It really highlights that security can’t just be on the device side or the identity side. IT and Security teams must be building in layers upon layers of security including EDR, passkeys, identity management, known locations, and much more. By layering on security, teams can better defend against attacks.

Obviously, for Ivanti, this is a huge problem, but thanks to the team for reacting quickly, and it’s great to see that there are no known exploits in the wild. No software is perfect. No security posture is perfect. Teams must be proactive against threats and leverage the latest security tools in order to mine all of their data for clues.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications