VMware urges customers to patch critical AirWatch flaw

VMware has issued a security advisory for two flaws in its AirWatch enterprise mobility management suite, urging customers to update immediately.

The issues affect two of the company's Android apps: the AirWatch Agent for Android, and the AirWatch Inbox for Android.

The vulnerability in the AirWatch Agent app allows devices to bypass root detection on enrolment, potentially allowing rogue devices onto corporate networks with access to Airwatch security controls and data. The AirWatch Inbox flaw could expose confidential data to attackers.

VMware's advisory read: "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."

Both flaws have now been fixed, and updated versions are available via the Google Play store.

A VMware spokesperson said in a statement: "The issue has been remediated and the apps are available in the public app stores. VMware published this security advisory as part of our regular transparency with the market and the security ecosystem."

The news comes after VMware's 2016 financial results last week, when the company revealed it made more than $7 billion in annual revenue.

NSX was a key driver of this, with CEO Pat Gelsinger calling it a "land and expand" product, as customers purchase it for one task but end up using it more widely. NSX doubled its customer numbers, the virtualisation company said, and has now hit a run rate of $1 billion per year.

The company's acquisition by Dell as part of its merger with EMC has also spurred growth, according to Gelsinger, who said that the new ownership should add $1 billion to its revenue over time.

CFO Zane Rowe said: "This was a very good year for VMware demonstrated by strong revenue, earnings and cash flow growth".