VMware patches RCE flaw for AirWatch Agent for Android, Windows

News by Robert Abel

VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.

Also in:

VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.

The update resolves a flaw (CVE-2018-6968) in the real-time file manager capabilities which may allow for the unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator, according to an  11 June  advisory.

The vulnerability labelled as critical the update will effectively disable file and registry management capabilities. Users are advised to review the patch notes for their product and version as well as to verify the checksum of their downloaded file.

Earlier this year, VMware patched three critical bugs in vSphere Data Protection which could have been remotely exploited to allow an unauthenticated attacker to gain root access to an affected system.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events