Chat with us
Loader
Establishing connection, please wait while we connect you.

COMING SOON: Product-Focused Search and Guided Navigation for improved access to product support. Thank you for your feedback and stay tuned!

Security Alerts

Zebra takes security seriously and recommends that customers update to the latest BSP and accept monthly patches to minimize security risks.

We periodically issues alerts to notify our customers about security issues, vulnerabilities, and exploits. Information about product impact and expected patch availability is also provided if applicable. Please click on the alert name to learn more. You may also subscribe to email alerts to be notified when a new alert is posted. 

LifeGuard® for Android® is Zebra’s software security solution that extends the lifecycle of Zebra Android enterprise mobile computers. It's a convenient way to receive extended/legacy security support and predictable periodic security updates. Subscribe to LifeGuard update notifications to keep your Android devices secure and running at their full potential.

Zebra's VisibilityIQ OneCare Dashboard is a web-based tool that provides critical operational information to give you insight into key repair KPIs, service levels and repair service performance. It’s available to all customers who have a valid Zebra OneCare support agreement (Essential, Select, or SV for TC2X service) for mobile computers or scanners.

 

Alert Name

Notification Date

Summary

Apache Log4j 2 Vulnerability (CVE-2021-44228)

December 14, 2021The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.
Linux Kernel Elevated PrivilegeNovember 17, 2021This vulnerability is a use-after-free scenario which could allow code execution and local elevation of privilege to the kernel from an untrusted application.
Frag AttackMay 18, 2021A collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. 
AchillesAugust 13, 2020Multiple vulnerabilities allow execution of unprivileged code in a privileged DSP.
Kr00k VulnerabilityMarch 2, 2020A temporary disconnect of the WiFi signal is exploited to force devices into a prolonged disassociated state so WiFi packets can be intercepted.
Use-After-Free in Binder Driver VulnerabilityOctober 4, 2019Privilege-escalation vulnerability that can use a compromised application to exploit a device.  
Microarchitecture Data Sampling VulnerabilitiesMay 28, 2019A collection of vulnerabilities focusing on maliciously accessing storage buffers used to temporarily hold data.
Chrome Browser FileReader VulnerabilityFebruary 27, 2019Exploits the memory management within the Chrome FileReader using Flash, to execute malicious code. 
BleedingBitNovember 14, 2018Affects Bluetooth® low energy (BLE) chips made by Texas Instruments via either a memory corruption condition or through Over-The-Air Download functionality.
Spectre and MeltdownJanuary 3, 2018Flaw in processors vulnerable to speculative-execution attacks
Infineon TMP Advisory (Tablets)December 1, 2017RSA keys generated by Trusted Platform Modules (TPM).
KRACKOctober 16, 2017Security vulnerability that targets a key step in the Wi-Fi authentication protocol to break security encryption
BlueBorneOctober 1, 2017Attack vector that exploits Bluetooth connections to target and control devices

Report a potential security vulnerability or concern

Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion.  Vulnerability disclosure is a vital component to Zebra's Secure Through Partnership approach.

Zebra encourages customers and security researchers to report potential vulnerabilities with Zebra’s products/solutions.  To report a potential product/solution related security issue (such as an incident, data breach, or vulnerability), please visit our VDP reporting page.


Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.