BlackBerry Z10 smartphones and BlackBerry PlayBook tablets are affected

Sep 11, 2013 13:00 GMT

On Tuesday, BlackBerry released patches to address several vulnerabilities impacting various products. The security holes affect the WebKit browser engine, the libexif library, and the Adobe Flash Player installed on various devices.

One of the WebKit browser engine vulnerabilities impacts BlackBerry Z10 smartphones and can be exploited by cybercriminals to remotely execute arbitrary code.

For an attack to be successful, the attacker needs to trick the victim into visiting a malicious website.

“BlackBerry customer risk is limited by the BlackBerry® 10 OS design, which restricts an application's access to system resources and the private data of other applications,” BlackBerry wrote in its advisory.

Currently, there’s no evidence that the vulnerability is being exploited in the wild.

Another WebKit issue is said to impact both BlackBerry Z10 smartphone and BlackBerry PlayBook tablet users. The flaw is not exploited in the wild and certain conditions have to be met in order for the attack to work.

“Successful exploitation requires an attacker to create a malicious website or compromise a legitimate website, and requires that a BlackBerry Z10 smartphone or BlackBerry tablet user view a webpage containing the malicious JavaScript content,” the company notes.

“If the requirements are met for exploitation, an attacker could potentially execute code in the BlackBerry Browser.”

The libexif vulnerability, which affects BlackBerry PlayBook tablets, requires an attacker to send a malicious image file which the victim must open or save.

If exploited successfully, the vulnerability allows cybercriminals to gain access to, read or modify data on the impacted tablet.

Finally, the Adobe Flash Player security holes affect users of BlackBerry Z10 and BlackBerry Q10 smartphones, and BlackBerry PlayBook tablets.

In order to successfully exploit this bug and be able to remotely execute code on the impacted devices, the attacker must convince the victim to access, or download as an Adobe AIR application, malicious Flash content.

Users are advised to apply the updates as soon as possible.