SanDisk Security Bulletin - December 2009


Overview

The Cruzer® Enterprise series of USB flash drives are equipped with a hardware-based encryption module and an access control mechanism to protect company data. SanDisk has recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue.

Important Note: This issue is only applicable to the application running on the host and does not apply to the device hardware or firmware.

As a result, all Cruzer Enterprise USB flash drives being shipped to customers as of today contain the product update. SanDisk has also taken measures to inform customers and channel partners about the issue and has provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices.

Devices to which this change applies:
  • Cruzer® Enterprise USB flash drive, CZ22 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise with McAfee USB flash drive, CZ38 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise FIPS Edition with McAfee USB flash drive, CZ46 - 1GB, 2GB, 4GB, 8GB
Recommendations

To implement this change, SanDisk recommends to users to install an update file, following this procedure:
  • Fill in the online form here. This will direct you to a downloading site.
  • Download the 'updater selector' application and the Quick Reference Guide with installation instructions.
Summary

Preserving customer security and product reliability continues to be a top priority at SanDisk. SanDisk will continue to work diligently with customers as well as third-party security researchers to maintain high levels of security.














*First Name:



*Last Name:



*Company:

  Job Title:
 
*E-mail:

  Business Phone:

  Address:

  City:

  State/Province:

  Zip/Postal Code:

*Country: