14 DAY TRIAL // BlackBerry has recently addressed remote code execution and local privilege elevation vulnerabilities in the remote file access feature of BlackBerry Link. There’s no evidence that the security hole is exploited in the wild.
The flaws plague the Peer Manager component of BlackBerry Link for Windows version 1.0.1.12 to 1.2.0.28, and BlackBerry Link for Mac OS version 1.0.1 (build 6) to 1.1.1 (build 35).
In its advisory, BlackBerry notes that there are certain conditions that have to be met in order for an attack to be successful.
The attacker has to convince a user who has Link installed on his system to click on a link or access a malicious webpage. Another attack vector requires a local attacker to log in to an affected system while the file access feature is running under a different user account.
Hackers could gain access to the data in the Link remote file access folder only under these circumstances.
BlackBerry has released a software update to fix these issues.