Ivanti Rolls Out Fixes for Critical Security Flaws, Commits to Major Security Overhaul
April 4, 2024
Ivanti has patched four new DoS vulnerabilities in Connect Secure and Policy Secure Gateways.
The vulnerabilities include a heap overflow, a null pointer dereference, and an XML entity expansion (XEE) flaw, potentially allowing arbitrary code execution or information disclosure by unauthenticated attackers.
The company is undertaking an organizational overhaul with a 'secure-by-design' approach, embedding security in the software development lifecycle.
CEO Jeff Abbott has announced initiatives for stack modernization, enhanced vulnerability management, and improved support for on-prem customers.
Ivanti plans to introduce AI-powered solutions and a customer advisory board to improve customer experience and feedback.
Additional vulnerabilities have been identified despite patch releases, and Ivanti is investing in a comprehensive security strategy with board and employee support.
Customers are urged to apply the patches and use the Integrity Checker Tool to ensure the security of their appliances.
Summary based on 6 sources
Sources

The Register • Apr 4, 2024
Ivanti commits to secure-by-design overhaul after vulnerability nightmare
The Hacker News • Apr 4, 2024
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
Help Net Security • Apr 4, 2024
Ivanti vows to transform its security operating model, reveals new vulnerabilities
OODA Loop • Apr 4, 2024
Ivanti vows to transform its security operating model, reveals new vulnerabilities