Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

BlackBerry 10 Haunted by Adobe Flash Vulnerabilities

BlackBerry today warned that its newest smartphones and tablets are at risk of remote code execution attacks via vulnerabilities in Adobe Flash Player.

BlackBerry today warned that its newest smartphones and tablets are at risk of remote code execution attacks via vulnerabilities in Adobe Flash Player.

According to a BlackBerry advisory, a malicious hacker could booby-trap Adobe Flash content and lure users into visiting rigged Web pages or downloading Adobe Air applications.

BlackBerry Z10 and Q10 Smartphones“If the requirements are met for exploitation, an attacker could potentially execute code with the rights of the application that opens the specially crafted malicious Flash content,” BlackBerry warned.

From the BlackBerry advisory:

Vulnerabilities exist in the Flash Player version supplied with affected versions of the BlackBerry 10 OS and PlayBook OS. The Flash Player is a cross-platform, browser-based application runtime.

Successful exploitation of these vulnerabilities could potentially result in an attacker executing code in the context of the application that opens the specially crafted Flash content (typically the web browser). Failed exploitation of this issue might result in abnormal or unexpected termination of the application.

In order to exploit these vulnerabilities, an attacker must craft Flash content in a stand-alone Flash (.swf) application or embed Flash content in a website. The attacker must then persuade the user to access the Flash content by clicking a link to the content in an email message or on a webpage, or loading it as part of an AIR application. The email message could be received at a webmail account that the user accesses in a browser on BlackBerry Z10 and BlackBerry Q10 smartphones and BlackBerry tablets.

Affected products include the BlackBerry Z10 and BlackBerry Q10 smartphones and the BlackBerry PlayBook tablet.

Advertisement. Scroll to continue reading.

The company said it was not aware of any active exploitation of the Flash Player vulnerabilities.

Separately, Adobe shipped a cross-platform Flash Player update to fix at least four vulnerabilities that expose users to hacker attacks. Adobe said the vulnerabilities could be exploited to cause a crash and potentially allow an attacker to take control of the affected system.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.