Achilles Vulnerability Information | Zebra

Achilles Vulnerability Information

Check Point Software Technologies on Aug 7th 2020 released that it found more than 400 vulnerabilities in Qualcomm's digital signal processor chip, culminating in 6 CVEs, that could allow hackers to access video, photos, audio, and microphone data on a target's phone, as well as render the phone inoperable.

There are no active exploits of any vulnerabilities.

Only the following products are affected.  Other Zebra mobile devices, handheld devices, barcode scanners and printers are not impacted.

SUPPORT PAGES FOR IMPACTED PRODUCTS:

Device Android Nougat Android Oreo Android Pie Android 10
CC605
GMS
  LifeGuard Update 12 released on 25-August 2020   x
CC610
GMS
  LifeGuard Update 12 released on 25-August 2020   x
EC30
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020    
EC50
      x
EC55       x
ET51
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
ET56
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
L10A
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
MC22x       x
MC27x       x
MC33 x x    
MC33x       x
MC33xR       x
MC93
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
PS20
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020 x x
SB2       x
TC20 x x    
TC21       x
TC25 x x    
TC26       x
TC51 x x    
TC52
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020 x x
TC52x       x
TC56 x x    
TC57
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
TC57x       x
TC70x x x    
TC72
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020 x x
TC75x x x    
TC77
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
TC8300
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
VC80x x x    
VC8300
GMS | Non-GMS
  LifeGuard Update 12 released on 25-August 2020   x
WT6300       x

x - Impacted and patch availability is pending.

25-Aug - Release with all but CVE-2020-11208 (fix not available yet)

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.



Are you aware of a potential security issue with a Zebra Technologies product?