Critical vulnerability in Blackberry 10 OS
Posted by: TimW on 06/17/2013 03:24 PM
BlackBerry has released an advisory describing a critical privilege/permissions vulnerability in BlackBerry 10 OS. Only versions before 10.0.10.648 are affected, and only on the BlackBerry Z10, as the keyboard model Q10 was delivered with BlackBerry 10.1 OS.
The exploit uses BlackBerry Protect, a service that allows users to manage their device without having to use the BlackBerry Enterprise Service (BES). Protect is off by default and must be activated by the user. Protect can be used to find lost devices, lock or delete them, and reset the password. It can also back up and restore data.
Even if Protect is enabled, the user must still install a malicious app, which then compromises a Protect component so that it can intercept a password reset. This password reset requires the user, or someone who knows the BlackBerry ID and password, to go to the BlackBerry Protect website and request the password. All of this must occur for the attacker to learn the new password for the device. With physical access to the device, the attacker can then log on successfully as the actual user. Otherwise, the attacker can only access Wi-Fi file sharing, and only if the actual user has activated it.
BlackBerry recommends that users update the device software to at least version 10.0.10.648. Z10 and Q10 versions of BlackBerry 10.1 OS and later are available from the provider and are delivered OTA (over the air) as an update.