Bug:  ArcGIS Runtime SDK for Android – August 2015 Security Update

相关信息
Article ID: 45249
Bug Id: BUG-000089724
Software:
ArcGIS Runtime SDK for Android 1.0.1, 1.1, 1.1.1, 2.0, 10.1.1, 10.2, 10.2.4, 10.2.5, 10.2.2, 10.2.3
Collector for ArcGIS (Android) 10.1.1, 10.2.2, 10.2.6, 10.2.7, 10.2.3, 10.1.12, 10.2, 10.2.4, 10.2.5
Explorer for ArcGIS (Android) 10.2.6, 10.2.7
Platforms: N/A

BUG描述
ArcGIS Runtime SDK for Android – August 2015 Security Update

Esri has updated the ArcGIS Runtime SDK for Android to address a vulnerability (identified by CVE-2015-2002) that could allow malware to cause memory corruption of an app that uses the SDK, and possibly gain code execution in the context of such app.

For users to be affected by this vulnerability:

• Users would have installed an app built with the vulnerable ArcGIS Runtime SDK for Android on their Android device.
• The user would have a malicious app installed on their Android device that exploits the vulnerability.

There have been no reports or evidence to indicate the vulnerability was ever used to access user data. However we strongly recommend updating your apps with this latest SDK, and in general, regularly updating your apps with the latest SDK available.

BUG原因
See the Description section above.
已邀请:

EsriSupport

赞同来自:

解决方案
Esri strongly recommends that developers download the latest version of the ArcGIS Runtime SDK for Android – version 10.2.6-2 or later - and update their apps.

Collector for ArcGIS was updated on July 14, 2015 in the Google Play Store. The July 14 update (version 10.3.2), among other things, incorporates the ArcGIS Runtime SDK for Android 10.2.6-2 that resolves the security vulnerability described above.

Explorer for ArcGIS was updated on July 29 in the Google Play store. The July 29 update (version 10.2.8), among other things, incorporates the ArcGIS Runtime SDK for Android 10.2.6-2 that resolves the security vulnerability described above.

Esri strongly recommends that any customer using Collector for ArcGIS or Explorer for ArcGIS with Android download these updated versions.

Use the following links to the ArcGIS for Developers site where the latest version of the ArcGIS Runtime SDK for Android can be downloaded, and also to the to the Google Play Store where the latest version of Collector for ArcGIS and Explorer for ArcGIS can be downloaded:


ArcGIS for Developers


Collector for ArcGIS


Explorer for ArcGIS



The use of anti-virus software on the Android platform can reduce the likelihood of getting a malicious app installed on to the device, which is a prerequisite for this vulnerability to be exploited.






    创建及修改时间
    Created: 8/3/2015 Last Modified: 8/11/2015
    原文链接
    http://support.esri.com/en/kno ... 45249

    要回复问题请先登录注册