VMware Patches a Critical Code Execution Vulnerability in AirWatch Agent for Android and Windows Mobile

On June 11th, VMware officially released a security announcement that there is a serious vulnerability in its products for AirWatch Agent (CVE-2018-6968). Through this vulnerability, an attacker can remotely execute arbitrary code on the affected device.

“The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for   unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.”

Image: VMware

VMware official has released a corresponding new version to fix the above vulnerabilities. Users should update and upgrade the protection.