If you’ve read reports about the recent zero day vulnerability (CVE-2016-0728) that allows Android or Linux applications to escalate privileges and gain root access to the device you may have concerns about its impact on your XenMobile deployment. However, we would like to reassure Citrix customers that, although XenMobile Server runs on a Linux platform, it does not contain the vulnerable code.
For Android, Google has published a security blog describing the vulnerability as impacting a limited number of Android version 4.4-based devices. Google has already issued a patch for this issue which should be available soon from device manufacturers.
Although customers using XenMobile may be supporting a small subset of impacted Android 4.4-based devices in their user base, the XenMobile MDX container and Secure/Shared Vault reduces the risks posed by this vulnerability to customer data-at-rest with additional encryption over and above any encryption made by the device.
Find out why industry analysts give XenMobile the highest marks for security with the XenMobile Security Whitepaper