VMware’s notified that the agent practiced by its AirWatch mobile device organization product has a flaw that could permit distant regulator of mobile strategies functioning Android or Windows Mobile, so will denounce the properties that permitted the threat.
The serious-rated CVE-2018-6968 facts a flaw that may consent for unapproved formation and implementation of files in the Agent sandbox and other widely available directories likely those on the SD card by a harmful administrator.
The issue’s in the agent that VMware needs customers to install on a mobile device so as to create it controllable by AirWatch. In the approach of freshly-patched agents for each OS, there is good news: VMware AirWatch Agent for Android 8.2 and VMware AirWatch Agent for Windows Mobile 6.5.2 should categorize this one out.
There is likewise a workaround for the users of Android who can pick AWCM in its place of C2DM/GCM as their ideal push statement service. That alteration will evade the requirement for a promotion to the Android app.
However the issue’s not confined to strategies: VMware’s likewise stated that the file, mission and registry supervision in AirWatch Cloud Messaging will be deactivated in present SaaS environments over the upcoming weeks. The works will then be deplored in future announcements of the Workspace ONE UEM Console.
Which seems like an ideal impression: the some tackles that can become into the entrails of a device, the healthier. Particularly when, as is the situation with this flaw, it’s also probable to write files to detachable media.