- #VIBER FOR BLACKBERRY Z10 INSTALL#
- #VIBER FOR BLACKBERRY Z10 UPGRADE#
- #VIBER FOR BLACKBERRY Z10 CODE#
“Failed exploitation of this issue might result in abnormal or unexpected termination of the application.”
#VIBER FOR BLACKBERRY Z10 CODE#
“Successful exploitation of this issue could potentially result in an attacker being able to execute arbitrary code in the context of the application that opens the specially crafted Adobe Flash content (typically the web browser),” the advisory says.
BlackBerry stressed that the vulnerability is not in the operating system, nor is it being exploited in the wild.
#VIBER FOR BLACKBERRY Z10 UPGRADE#
Users are urged to upgrade on both platforms.
#VIBER FOR BLACKBERRY Z10 INSTALL#
“While successful exploitation requires several specific conditions, and there are no current attacks on customers, we recommend BlackBerry Z10 users install the latest software update to be fully protected from this issue.”Īs for the second advisory, Adobe Flash Player versions earlier than 10.0.10.648 included with Z10 are affected while versions 2. “BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without significant customer interaction and physical access to the device,” BlackBerry’s Adrian Stone, director of security incident response and threat analysis, said in a statement. If all these conditions exist, an attacker could access BlackBerry Hub, applications and data, unlock the work perimeter compartment on the device, access the device over a USB tether in order to view files, change device passwords or access local and enterprise services.īlackBerry Enterprise Server administrators are urged to disallow computer access to Work Space on the device, disallow the use of the same password for WorkSpace as for the rest of the device, require a password for Work Space, and restrict Development mode. By doing so, the app could gain the device password if a reset is requested through Protect it also could prevent the device from executing commands from Protect such as remote wipe. The vulnerability could enable a malicious application downloaded by the user to compromise weak permissions on a BlackBerry Protect object to compromise the device.
“If all of the specific requirements are met for exploitation, an attacker could potentially access or modify data on the device.” “Successful exploitation requires not only that a customer enable BlackBerry Protect, use the feature to reset the device password and download a specifically crafted malicious app, but also that an attacker gain physical access to the phone,” BlackBerry said in its advisory. BlackBerry said the severity limited by the amount of user interaction and physical access on the attacker’s part required to successfully exploit the vulnerability. The privilege escalation bug affects only Z10 smartphones and is not being exploited. Users and enterprise administrators are urged to upgrade their devices to BlackBerry 10 OS version 10.0.10.648 or later, and version 2. The patches address a remote code-execution vulnerability in the Adobe Flash Player integrated into the BlackBerry products, as well as a privilege escalation flaw in the BlackBerry OS. BlackBerry’s security incident response team has issued two advisories warning Z10 smartphone and PlayBook tablet users to upgrade to the latest version of the operating system and software on both platforms.
0 kommentar(er)
