VMware mitigated a remote code execution vulnerability in its AirWatch Agent for Android and Windows Mobile.

VMware AirWatch Agent is a mobile File Manager application and is part of the VMware Workspace ONE platform.

New Backdoor Based on Hacking Team Tool
Android-Based Malware Attack Spotted
Mac OS Backdoor Discovered
Amazon’s Alexa can Eavesdrop

Users, VMware said, should upgrade to the newest versions of the software (8.2 and 6.5.2, respectively).

On the other hand, the iOS version does not suffer from the issue.

Schneider Bold

“VMware Workspace ONE UEM currently offers a real-time File Manager for Android and Windows Mobile/CE devices, and Task/Registry Managers for Windows Mobile/CE devices,” the company said in a post.

“These capabilities are independent of other File & Registry Management capabilities within the AirWatch platform such as Files/Actions through Product Provisioning and the newer File Manager inside Advanced Remote Management. These legacy File, Task & Registry Management features are built upon legacy technologies and have recently been discovered to be impacted by an urgent security vulnerability.”

The vulnerability is an authorization flaw in the real-time File Manager capability for Android and Windows Mobile devices and Registry Manager for Windows Mobile devices.

It can be exploited by remote attackers with knowledge of specific enrolled devices within an AirWatch instance to add or remove files from a device, remotely execute commands on it, or modify or set Registry Key values for Windows Mobile devices that are configured to use AirWatch Cloud Messaging (AWCM).

The updates disable File and Registry Management capabilities.

Pin It on Pinterest

Share This