Reset Search
 

 

Article

JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation

« Go Back

Information

 
Product AffectedThis issue can affect all Pulse Secure Mobile for Android versions.
Problem
A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile for Android could allow a user to elevate their privilege to the root level. This problem has been resolved and the fixed version is now available to download on the Google Play Store.

Phones that are not rooted will not be vulnerable to this issue.

Pulse Secure Mobile for Android, version 2.1.2.11723 (posted July 18, 2012) and earlier are affected.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.
 
Solution
Software updates to this issue have been created and posted to the Google Play Store. By upgrading to the current version the issue will be resolved.
Workaround
There are no workarounds for the issue announced in this PSN. The only way to correct this vulnerability is to upgrade to a release of software that contains the fix.
Implementation
How to obtain fixed software: The fixed version of this software can be found on the Google Play Store. Simply update your client to the latest version and the issue will be resolved.
Related Links
CVSS Score6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Risk Assessment
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2013-03-873, JSA10553

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255