Your one-stop web resource providing safety and security information to manufacturers

BlackBerry issued security patches Tuesday for remote code execution vulnerabilities in Adobe Flash Player that affect new BlackBerry Z10s and Q10s smartphones, and PlayBook tablets.

Remote code execution holes enable attackers to gain control of the compromised device or system.

Users Don’t Secure Android Devices
Attack Threat Continues to Increase
Mobile Security Education Feeble
Mobile Spam Risks on Rise

“Successful exploitation requires that an attacker craft malicious Adobe Flash content that they must then persuade the customer to access on a webpage, or as a downloaded Adobe AIR application. If these specific requirements are met, an attacker could potentially execute arbitrary code in the context of the application that opens the specially crafted Adobe Flash content,” BlackBerry said in its security advisory.

In addition, BlackBerry patched a couple of remote code execution holes in the WebKit browser engine, one affecting only the Z10 smartphone and the other affecting both the Z10 phone and PlayBook tablet.

Schneider Bold

To exploit the security hole, an attacker would need to set up a malicious website or compromise a legitimate website, and then trick a BlackBerry Z10 smartphone or BlackBerry tablet user to view a webpage containing the malicious JavaScript content. “If the requirements are met for exploitation, an attacker could potentially execute code in the BlackBerry Browser,” BlackBerry also said.

Additionally, BlackBerry fixed a security hole in the libexif libraries on the PlayBook tablet. An attacker would need to “craft a malicious image file” and trick a user into opening or saving the file from an email or website. “If the requirements are met for exploitation, an attacker could potentially gain access to, read or modify data on the device,” the advisory explained.

Pin It on Pinterest

Share This