Network Security, Patch/Configuration Management, Vulnerability Management

VMware patches RCE flaw for AirWatch Agent for Android, AirWatch Agent for Windows

VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.

The update resolves a flaw (CVE-2018-6968) in the real-time file manager capabilities which may allow for the unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator, according to a June 11 advisory.

The vulnerability labeled as critical the update will effectively disable file and registry management capabilities. Users are advised to review the patch notes for their product and version as well as to verify the checksum of their downloaded file.

Earlier this year, VMware patched three critical bugs in vSphere Data Protection which could have been remotely exploited to allow an unauthenticated attacker to gain root access to an affected system.

Related

US automaker subjected to FIN7 attack

BlackBerry researchers disclosed that a major U.S.-based multinational automaker had been targeted by the FIN7 hacking group in a spear-phishing attack late last year that sought to facilitate systems compromise with the Anunak malware, BleepingComputer reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.