BlackBerry issued security patches Tuesday for remote code execution vulnerabilities in Adobe Flash Player that affect new BlackBerry Z10s and Q10s smartphones, and PlayBook tablets.
Remote code execution holes enable attackers to gain control of the compromised device or system.
“Successful exploitation requires that an attacker craft malicious Adobe Flash content that they must then persuade the customer to access on a webpage, or as a downloaded Adobe AIR application. If these specific requirements are met, an attacker could potentially execute arbitrary code in the context of the application that opens the specially crafted Adobe Flash content,” BlackBerry said in its security advisory.
In addition, BlackBerry patched a couple of remote code execution holes in the WebKit browser engine, one affecting only the Z10 smartphone and the other affecting both the Z10 phone and PlayBook tablet.
Additionally, BlackBerry fixed a security hole in the libexif libraries on the PlayBook tablet. An attacker would need to “craft a malicious image file” and trick a user into opening or saving the file from an email or website. “If the requirements are met for exploitation, an attacker could potentially gain access to, read or modify data on the device,” the advisory explained.