VMware urges customers to patch critical AirWatch flaw

VMware building with arched glass front

VMware has issued a security advisory for two flaws in its AirWatch enterprise mobility management suite, urging customers to update immediately.

The issues affect two of the company's Android apps: the AirWatch Agent for Android, and the AirWatch Inbox for Android.

The vulnerability in the AirWatch Agent app allows devices to bypass root detection on enrolment, potentially allowing rogue devices onto corporate networks with access to Airwatch security controls and data. The AirWatch Inbox flaw could expose confidential data to attackers.

VMware's advisory read: "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."

Both flaws have now been fixed, and updated versions are available via the Google Play store.

A VMware spokesperson said in a statement: "The issue has been remediated and the apps are available in the public app stores. VMware published this security advisory as part of our regular transparency with the market and the security ecosystem."

The news comes after VMware's 2016 financial results last week, when the company revealed it made more than $7 billion in annual revenue.

NSX was a key driver of this, with CEO Pat Gelsinger calling it a "land and expand" product, as customers purchase it for one task but end up using it more widely. NSX doubled its customer numbers, the virtualisation company said, and has now hit a run rate of $1 billion per year.

The company's acquisition by Dell as part of its merger with EMC has also spurred growth, according to Gelsinger, who said that the new ownership should add $1 billion to its revenue over time.

CFO Zane Rowe said: "This was a very good year for VMware demonstrated by strong revenue, earnings and cash flow growth".

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.