Security Alerts
Zebra takes security 都那seriously and recommends th明家at customers update to the latest服道 BSP and accept monthly p事通atches to minimize security日坐 risks.
We periodically issues alerts to not黃作ify our customers about security issues書老, vulnerabilities, and exploits. 看哥Information about product impact and不相 expected patch avai術輛lability is also provided if 那玩applicable. Please cli厭暗ck on the alert name 水謝to learn more. You may also sub笑生scribe to email alerts to開票 be notified when a街服 new alert is posted.
| Alert Name | Notification Date | Summary |
|---|---|---|
| Apache Log4j 2 Vulnerability (CV綠藍E-2021-44228) | December 14, 2021 | The Apache Log4j utility is a comm個物only used compone動河nt for logging requests. On De什房cember 9, 2021, a vulne厭下rability was reported 愛視that could allow a system runni她如ng Apache Log4j versi湖對on 2.14.1 or below to be 鐵師compromised and allow an attac照音ker to execute arbitrary cod技能e. |
| Linux Kernel Elevated Privile飛麗ge | November 17, 2021 | This vulnerability is a use-after-free 媽唱scenario which coul吧是d allow code execution 店好and local elevation of pr公低ivilege to the kernel f報人rom an untrusted a說對pplication. |
| Frag Attack | May 18, 2021 | A collection of new security vulnera南哥bilities that affect Wi-Fi dev雜會ices. An adversary that舞林 is within range of a vic海煙tim's Wi-Fi network can abuse th話光ese vulnerabilities to ste員黑al user information or atta站區ck devices. |
| Achilles | August 13, 2020 | Multiple vulnerabilit小黃ies allow execut不土ion of unprivileged code in a privilege妹你d DSP. |
| Kr00k Vulnerabili著厭ty | March 2, 2020 | A temporary disconnect of the W白開iFi signal is explo鐘資ited to force devices into a pro街土longed disassociated state so W計西iFi packets can b路討e intercepted. |
| Use-After-Free in Bin跳民der Driver Vulnerability地暗 | October 4, 2019 | Privilege-escalation 土區vulnerability that c機美an use a compromised applicati畫她on to exploit a device. |
| Microarchitecture Data Sampling Vul對遠nerabilities | May 28, 2019 | A collection of vul文慢nerabilities focusing on mal請人iciously accessing sto知地rage buffers used to temporarily hold d學月ata. |
| Chrome Browser FileReader Vulnerab近線ility | February 27, 2019 | Exploits the memory management w是村ithin the Chrome FileReader us風資ing Flash, to exec見城ute malicious code. |
| BleedingBit | November 14, 2018 | Affects Bluetooth® low energy (B鄉通LE) chips made by Texas Instruments議問 via either a memory corruption con樹理dition or through Over-The-Air Downlo暗西ad functionality. |
| Spectre and Meltdown | January 3, 2018 | Flaw in processors vulnera國唱ble to speculative-execution at他分tacks |
| Infineon TMP Advisory (T拍明ablets) | December 1, 2017 | RSA keys generated by Trust去還ed Platform Modules (TPM).但術 |
| KRACK | October 16, 2017 | Security vulnerability that targets a 風資key step in the Wi-Fi authenti山少cation protocol to break securit遠費y encryption |
| BlueBorne | October 1, 2017 | Attack vector that exploits 明家Bluetooth connections to target and c暗湖ontrol devices |
Report a potential securit美費y vulnerability or concern
Zebra has established 裡高a standard practice of 錯費seeking, communicating, a員得nd addressing product security issues 報亮in a timely fashion. Vulnerability disclosure is a vital component t微從o Zebra's Secure T員樂hrough Partnershi飛南p approach
Zebra encourage喝都s customers and security re新城searchers to repor河要t potential vulnerabilities with Zebra’話這s products/solutions. To rep照購ort a potential produ如文ct/solution related security issue 也離(such as an incident, data breach, or 中信vulnerability), please visit ou女呢r VDP reporting page.
Disclaimer: Zebra makes every att明遠empt to release security updates on o說行r about the time that Google releases i窗答ts respective security bulletin. Howev購我er, delivery time of secu見鐘rity updates may vary見店 depending on the regio飛謝n, product model, and third party s自術oftware suppliers. Unde這畫r some circumstances, the OS mu風很st be updated to the lates費體t maintenance release prior to install舞小ing the security updates. Individual pr話喝oduct updates will provide spe算內cific guidance.
Unless otherwise noted, there have b生數een no reports of active cus時也tomer exploitation or abu歌科se from these newly reported issues.
Zebra's VisibilityIQ On視訊eCare Dashboard is a web-based tool that制吃 provides critical operatio放拿nal information to give you insigh睡如t into key repair KPIs, service levels an冷黑d repair service 關喝performance. It’s available to all custome一通rs who have a valid Zebra One雜銀Care support agr對舊eement (Essential, Select, or 南市SV for TC2X service) fo服輛r mobile computers or scanners男日.