BUG
ArcGIS Runtime SDK for Android – August 2015 Security Update
Esri has updated the ArcGIS Runtime SDK for Android to address a vulnerability (identified by CVE-2015-2002) that could allow malware to cause memory corruption of an app that uses the SDK, and possibly gain code execution in the context of such app.
For users to be affected by this vulnerability:
• Users would have installed an app built with the vulnerable ArcGIS Runtime SDK for Android on their Android device.
• The user would have a malicious app installed on their Android device that exploits the vulnerability.
There have been no reports or evidence to indicate the vulnerability was ever used to access user data. However we strongly recommend updating your apps with this latest SDK, and in general, regularly updating your apps with the latest SDK available.
See the Description section above.
Note:
The use of anti-virus software on the Android platform can reduce the likelihood of getting a malicious app installed on to the device, which is a prerequisite for this vulnerability to be exploited.
Get help from ArcGIS experts
Download the Esri Support App