Citrix releases fix for software bug that hackers ‘will move quickly to exploit’

A newly revealed set of vulnerabilities in popular software made by Citrix, whose clients include Fortune 500 companies, could let hackers who exploit the bugs gain control of a mobile server and steal sensitive data.

The Florida-based company, which has dealt with multiple critical vulnerabilities this year, has released fixes for the new round of bugs and urged customers to apply them.

“While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit,” Citrix CISO Fermin J. Serna wrote in a blog post Tuesday.

The bugs are in a software product known as Citrix Endpoint Management or XenMobile, which allows clients to remotely connect to corporate networks with their mobile devices. Exploiting one of the bugs could let a hacker steal domain account credentials for a corporate network, according to Andrey Medov, a security researcher at Positive Technologies, which found the flaw during a security audit for a client. From there, an attacker could target other company resources like corporate mail and web applications.

The concern is that, given the access the vulnerabilities could give hackers, it is only a matter of time before they reverse-engineer the software patches and develop exploits. Hackers had a field day with a critical bug in a different Citrix software product, revealed in December. In one case, Chinese spies used the software flaw to target multiple critical infrastructure industries.

It took Citrix a month to release a patch for that vulnerability in an episode that highlighted how corporate security can depend on the behavior of powerful software vendors.

Citrix is trying to head off that kind of exploitation of the latest vulnerabilities. Karen Master, a Citrix spokeswoman, said the company had alerted customers to the vulnerabilities weeks ago and that a large portion of those customers have applied a patch. Master declined to say how many customers were affected by the vulnerabilities.