Bug: ArcGIS Runtime SDK for Android – August 2015 Security Update
【相关信息】
Article ID: 45249
Bug Id: BUG-000089724
Software:
ArcGIS Runtime SDK for Android 1.0.1, 1.1, 1.1.1, 2.0, 10.1.1, 10.2, 10.2.4, 10.2.5, 10.2.2, 10.2.3
Collector for ArcGIS (Android) 10.1.1, 10.2.2, 10.2.6, 10.2.7, 10.2.3, 10.1.12, 10.2, 10.2.4, 10.2.5
Explorer for ArcGIS (Android) 10.2.6, 10.2.7
Platforms: N/A
【BUG描述】
ArcGIS Runtime SDK for Android – August 2015 Security Update
Esri has updated the ArcGIS Runtime SDK for Android to address a vulnerability (identified by CVE-2015-2002) that could allow malware to cause memory corruption of an app that uses the SDK, and possibly gain code execution in the context of such app.
For users to be affected by this vulnerability:
Users would have installed an app built with the vulnerable ArcGIS Runtime SDK for Android on their Android device.
The user would have a malicious app installed on their Android device that exploits the vulnerability.
There have been no reports or evidence to indicate the vulnerability was ever used to access user data. However we strongly recommend updating your apps with this latest SDK, and in general, regularly updating your apps with the latest SDK available.
【BUG原因】
See the Description section above.
Article ID: 45249
Bug Id: BUG-000089724
Software:
ArcGIS Runtime SDK for Android 1.0.1, 1.1, 1.1.1, 2.0, 10.1.1, 10.2, 10.2.4, 10.2.5, 10.2.2, 10.2.3
Collector for ArcGIS (Android) 10.1.1, 10.2.2, 10.2.6, 10.2.7, 10.2.3, 10.1.12, 10.2, 10.2.4, 10.2.5
Explorer for ArcGIS (Android) 10.2.6, 10.2.7
Platforms: N/A
【BUG描述】
ArcGIS Runtime SDK for Android – August 2015 Security Update
Esri has updated the ArcGIS Runtime SDK for Android to address a vulnerability (identified by CVE-2015-2002) that could allow malware to cause memory corruption of an app that uses the SDK, and possibly gain code execution in the context of such app.
For users to be affected by this vulnerability:
Users would have installed an app built with the vulnerable ArcGIS Runtime SDK for Android on their Android device.
The user would have a malicious app installed on their Android device that exploits the vulnerability.
There have been no reports or evidence to indicate the vulnerability was ever used to access user data. However we strongly recommend updating your apps with this latest SDK, and in general, regularly updating your apps with the latest SDK available.
【BUG原因】
See the Description section above.
1 个回复
EsriSupport
赞同来自:
Esri strongly recommends that developers download the latest version of the ArcGIS Runtime SDK for Android – version 10.2.6-2 or later - and update their apps.
Collector for ArcGIS was updated on July 14, 2015 in the Google Play Store. The July 14 update (version 10.3.2), among other things, incorporates the ArcGIS Runtime SDK for Android 10.2.6-2 that resolves the security vulnerability described above.
Explorer for ArcGIS was updated on July 29 in the Google Play store. The July 29 update (version 10.2.8), among other things, incorporates the ArcGIS Runtime SDK for Android 10.2.6-2 that resolves the security vulnerability described above.
Esri strongly recommends that any customer using Collector for ArcGIS or Explorer for ArcGIS with Android download these updated versions.
Use the following links to the ArcGIS for Developers site where the latest version of the ArcGIS Runtime SDK for Android can be downloaded, and also to the to the Google Play Store where the latest version of Collector for ArcGIS and Explorer for ArcGIS can be downloaded:
ArcGIS for Developers
Collector for ArcGIS
Explorer for ArcGIS
【创建及修改时间】
Created: 8/3/2015 Last Modified: 8/11/2015
【原文链接】
http://support.esri.com/en/kno ... 45249
要回复问题请先登录或注册