On June 11th, VMware officially released a security announcement that there is a serious vulnerability in its products for AirWatch Agent (CVE-2018-6968). Through this vulnerability, an attacker can remotely execute arbitrary code on the affected device.
“The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.”
VMware official has released a corresponding new version to fix the above vulnerabilities. Users should update and upgrade the protection.