Chat with us
Loader
Establishing connection, please wait while we connect you.

Security Alerts

Zebra takes security seriously and recommends that customers update to the latest BSP and accept monthly patches to minimize security risks.

We periodically issues alerts to notify our customers about security issues, vulnerabilities, and exploits. Information about product impact and expected patch availability is also provided if applicable. Please click on the alert name to learn more. You may also subscribe to email alerts to be notified when a new alert is posted. 

Alert Name Notification Date Summary
Apache Log4j 2 Vulnerability (CVE-2021-44228) December 14, 2021 The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.
Linux Kernel Elevated Privilege November 17, 2021 This vulnerability is a use-after-free scenario which could allow code execution and local elevation of privilege to the kernel from an untrusted application.
Frag Attack May 18, 2021 A collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. 
Achilles August 13, 2020 Multiple vulnerabilities allow execution of unprivileged code in a privileged DSP.
Kr00k Vulnerability March 2, 2020 A temporary disconnect of the WiFi signal is exploited to force devices into a prolonged disassociated state so WiFi packets can be intercepted.
Use-After-Free in Binder Driver Vulnerability October 4, 2019 Privilege-escalation vulnerability that can use a compromised application to exploit a device.  
Microarchitecture Data Sampling Vulnerabilities May 28, 2019 A collection of vulnerabilities focusing on maliciously accessing storage buffers used to temporarily hold data.
Chrome Browser FileReader Vulnerability February 27, 2019 Exploits the memory management within the Chrome FileReader using Flash, to execute malicious code. 
BleedingBit November 14, 2018 Affects Bluetooth® low energy (BLE) chips made by Texas Instruments via either a memory corruption condition or through Over-The-Air Download functionality.
Spectre and Meltdown January 3, 2018 Flaw in processors vulnerable to speculative-execution attacks
Infineon TMP Advisory (Tablets) December 1, 2017 RSA keys generated by Trusted Platform Modules (TPM).
KRACK October 16, 2017 Security vulnerability that targets a key step in the Wi-Fi authentication protocol to break security encryption
BlueBorne October 1, 2017 Attack vector that exploits Bluetooth connections to target and control devices

Report a potential security vulnerability or concern

Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion.  Vulnerability disclosure is a vital component to Zebra's Secure Through Partnership approach

Zebra encourages customers and security researchers to report potential vulnerabilities with Zebra’s products/solutions.  To report a potential product/solution related security issue (such as an incident, data breach, or vulnerability), please visit our VDP reporting page.


 

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.

 

LifeGuard™ for Android™ is Zebra’s software security solution that extends the lifecycle of Zebra Android enterprise mobile computers. It's a convenient way to receive extended/legacy security support and predictable periodic security updates. Subscribe to LifeGuard update notifications to keep your Android devices secure and running at their full potential.

Zebra's VisibilityIQ OneCare Dashboard is a web-based tool that provides critical operational information to give you insight into key repair KPIs, service levels and repair service performance. It’s available to all customers who have a valid Zebra OneCare support agreement (Essential, Select, or SV for TC2X service) for mobile computers or scanners.