Smartphone maker Blackberry has detailed two security issues in its recently-launched Z10 model.
The second and potentially more serious, BSRT-2013-006, affects not the phone’s operating system itself but the Blackberry Protect app. The security issue here is the possibility of increased privileges that could allow a rogue app to take advantage of weak security options. In the right circumstances, a rogue app could prevent a Blackberry Protect command from operating, for example a remote wipe command in the event of the phone being lost. Ars Technica explains it that with the phone in hand, an attacker could use the vulnerability to gain access to personal information on the phone.
However, Blackberry says the vulnerability cannot be exploited without user interaction and there are three key factors that have to be in play for the exploit to be successful:
- The user must have downloaded and installed a malicious app that specifically targets this vulnerability. A BlackBerry smartphone prompts a user for permission to install any third-party software or to grant certain permissions to a third-party application.
- The user must enable BlackBerry Protect, which is not enabled by default.
- The user must have issued a password reset command through BlackBerry Protect website.
Blackberry says users with a Q10 or Z10 smartphone with Blackberry 10 OS version 10.0.10.648 or later are not affected.
Users who apply the latest 10.0.10.648 updates now available will be protected from the vulnerability.
Try these similar stories:
- Up-coming Blackberry 10.2 update to run Android 4.2.2 apps
- Google releases stock 4.2 keyboard to Google Play
- Cydia Impactor uses vulernability to root Android devices including Google Glass
- Specifications – BlackBerry Q10 smartphone
- Specifications – BlackBerry Q5 smartphone
- Google patches Chromecast bootloader hole, blocks root access
- HTC One Google Play Edition phone gets kernel source code
- Android 4.3 leaked to Galaxy S4, get yours now
- Rikomagic issues MK802IV Wi-Fi connection fix
- New Firefox OS smartphone to launch end of April