VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.
The update resolves a flaw (CVE-2018-6968) in the real-time file manager capabilities which may allow for the unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator, according to an 11 June advisory.
The vulnerability labelled as critical the update will effectively disable file and registry management capabilities. Users are advised to review the patch notes for their product and version as well as to verify the checksum of their downloaded file.
Earlier this year, VMware patched three critical bugs in vSphere Data Protection which could have been remotely exploited to allow an unauthenticated attacker to gain root access to an affected system.