Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

BlackBerry Issues Security Advisories for Z10 and PlayBook

BlackBerry released two security advisories on Tuesday, alerting customers about vulnerabilities that affect its BlackBerry Z10 smartphones and BlackBerry PlayBook tablets.

BlackBerry released two security advisories on Tuesday, alerting customers about vulnerabilities that affect its BlackBerry Z10 smartphones and BlackBerry PlayBook tablets.

The first advisory, BSRT-2013-005, addresses Adobe Flash Player vulnerabilities integrated into specific versions of both the BlackBerry PlayBook and BlackBerry Z10 operating systems, the smartphone maker said.

The second advisory, BSRT-2013-006, addresses a vulnerability affecting select BlackBerry Z10 smartphones that are running earlier versions of the OS and have the BlackBerry Protect feature enabled.

“Successful exploitation requires a customer to be persuaded to access maliciously created Adobe Flash content in an email or on a webpage,” a security advisory explained. “The mail message could be received at a webmail account that the user accesses in a browser on a BlackBerry Z10 smartphone and/or the BlackBerry PlayBook tablet.”

“If all of the specific requirements are met for exploitation, an attacker could potentially execute arbitrary code in the context of the application that opens the specially crafted Adobe Flash content,” the advisory continued.

BlackBerry is not currently aware of any active attacks targeting its customers, but recommends that all customers apply the latest software updates to protect their devices.

“BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without significant customer interaction and physical access to the device,” explained – Adrian Stone, Director, BlackBerry Security Incident Response and Threat Analysis. “While successful exploitation requires several specific conditions, and there are no current attacks on customers, we recommend BlackBerry Z10 users install the latest software update to be fully protected from this issue.”

Details on the vulnerabilities as described by BlackBerry are included below: 

About the Adobe Flash Update (BSRT-2013-005):

• This advisory addresses a vulnerability in Adobe Flash Player that is currently not being exploited against BlackBerry Z10 smartphone or BlackBerry PlayBook tablet customers.

• BlackBerry customer risk is limited by the BlackBerry 10 OS and the BlackBerry PlayBook Tablet OS design, which restricts an application’s access to system resources and the private data of other applications.

• Successful exploitation requires a customer to be persuaded to access maliciously created Adobe Flash content in an email or on a webpage.

• Customers using BlackBerry Q10 smartphones, BlackBerry Z10 users running version 10.0.10.648 or later and BlackBerry PlayBook tablet users running version 2.1.0.1526 or later are not affected. 

About the BlackBerry Protect Update (BSRT-2013-006):

• This advisory addresses a vulnerability affecting select OS versions for BlackBerry Z10 smartphones that is currently not being exploited.

• BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without significant customer interaction and an attacker gaining physical access to the device.

• Successful exploitation requires an attacker to overcome several barriers, including changing a default setting to enable BlackBerry Protect, using the feature to reset the device password, and downloading a specifically crafted malicious app. In addition, the attacker would also have to gain physical access to the smartphone.

• Customers using BlackBerry Q10 smartphones and BlackBerry Z10 users running version 10.0.10.648 and later are not affected.

After installing the latest software update, BlackBerry Z10 users and BlackBerry PlayBook tablet users will be fully protected from this vulnerability, BlackBerry said.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.