Chat with us
Loader
Establishing connection, please wait while we connect you.

NOW AVAILABLE: Product-Focused Search and Guided Navigation for improved access to product support. Read more.

Security Alerts

Zebra takes security seriously and recommends that customers update to the latest BSP and accept monthly patches to minimize security risks.

We periodically issues alerts to notify our customers about security issues, vulnerabilities, and exploits. Information about product impact and expected patch availability is also provided if applicable. Please click on the alert name to learn more. You may also subscribe to email alerts to be notified when a new alert is posted. 

LifeGuard® for Android® is Zebra’s software security solution that extends the lifecycle of Zebra Android enterprise mobile computers. It's a convenient way to receive extended/legacy security support and predictable periodic security updates. Subscribe to LifeGuard update notifications to keep your Android devices secure and running at their full potential.

Zebra's VisibilityIQ OneCare Dashboard is a web-based tool that provides critical operational information to give you insight into key repair KPIs, service levels and repair service performance. It’s available to all customers who have a valid Zebra OneCare support agreement (Essential, Select, or SV for TC2X service) for mobile computers or scanners.

 

Alert NameNotification DateSummary
Apache Log4j 2 Vulnerability (CVE-2021-44228)14-Dec-21The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.
Linux Kernel Elevated Privilege17-Nov-21This vulnerability is a use-after-free scenario which could allow code execution and local elevation of privilege to the kernel from an untrusted application.
Frag Attack18-May-21A collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. 
Achilles13-Aug-20Multiple vulnerabilities allow execution of unprivileged code in a privileged DSP.
Kr00k Vulnerability02-Mar-20A temporary disconnect of the WiFi signal is exploited to force devices into a prolonged disassociated state so WiFi packets can be intercepted.
Use-After-Free in Binder Driver Vulnerability04-Oct-19Privilege-escalation vulnerability that can use a compromised application to exploit a device.  
Microarchitecture Data Sampling Vulnerabilities28-May-19A collection of vulnerabilities focusing on maliciously accessing storage buffers used to temporarily hold data.
Chrome Browser FileReader Vulnerability27-Feb-19Exploits the memory management within the Chrome FileReader using Flash, to execute malicious code. 
BleedingBit14-Nov-18Affects Bluetooth® low energy (BLE) chips made by Texas Instruments via either a memory corruption condition or through Over-The-Air Download functionality.
Spectre and Meltdown03-Jan-18Flaw in processors vulnerable to speculative-execution attacks
Infineon TMP Advisory (Tablets)01-Dec-17RSA keys generated by Trusted Platform Modules (TPM).
KRACK16-Oct-17Security vulnerability that targets a key step in the Wi-Fi authentication protocol to break security encryption
BlueBorne01-Oct-17Attack vector that exploits Bluetooth connections to target and control devices

 

Report a potential security vulnerability or concern

Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion.  Vulnerability disclosure is a vital component to Zebra's Secure Through Partnership approach.

Zebra encourages customers and security researchers to report potential vulnerabilities with Zebra’s products/solutions.  To report a potential product/solution related security issue (such as an incident, data breach, or vulnerability), please visit our VDP reporting page.


Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.