BlackBerry is warning customers that a stack-based buffer overflow vulnerability in the qconnDoor service could lead to remote code execution on BlackBerry 10 smartphones.
Exploitation requires user interaction. The attacker must send a maliciously crafted message over Wi-Fi to the qconnDoor service of the targeted device, and the victim must have development mode enabled and be connected to the same Wi-Fi network as the attacker.
The exploit can also be sent to the qconnDoor service if the smartphone is connected to a computer via a USB cable. If the exploit works, the attacker can execute code with superuser rights, or terminate the qconnDoor service.
A software update has been released to address the vulnerability, which is tracked as CVE-2014-1468. The flaw affects BlackBerry 10 OS versions earlier than 10.2.0.1055.
The qconnDoor service is used by the BlackBerry 10 OS to provide shell and remote debugging capabilities.
David Gullasch, Max Moser, and Martin Schobert of modzero have been credited with finding the vulnerability and assisting BlackBerry in identifying the cause.
BlackBerry 10 customers should automatically be notified of the software updates. Users can manually check for updates on the Software Updates page under the Settings menu.