Resolved App Password Bypass on Sophos Secure Workspace for Android (CVE-2021-36808)

Voltar à Visão geral dos comunicados de segurança
Sophos Secure Workspace (Android)
ID da publicação sophos-sa-20211029-ssw-pw-bypass
Versão do artigo 1
Primeira publicação
Solução alternativa No


A race condition in Sophos Secure Workspace for Android was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed. There is no action required for customers, as updates are installed automatically by default.

Sophos would like to thank Christian Niel Angel for responsibly disclosing the issues to Sophos.

The remediation prevented a local attacker to bypass the app password. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.

Applies to the following Sophos product(s) and version(s)

  • Sophos Secure Workspace for Android prior version 9.7.3115


  • Fix included in Sophos Secure Workspace 9.7.3115 on September 27, 2021

  • Additionally, Sophos recommends that Sophos Secure Workspace customers upgrade to the latest available release