Blackberry finds critical bug in Z10 phone


Smartphone maker Blackberry has detailed two security issues in its recently-launched Z10 model.

According to security firm Sophos, BSRT-2013-005 covers and fixes an issue regarding the version of Adobe Flash Player included in both the Z10 and PlayBook devices.

The second and potentially more serious issue, BSRT-2013-006, affects not the phone’s operating system itself but the Blackberry Protect app. The security issue here is the possibility of increased privileges that could allow a rogue app to take advantage of weak security options. In the right circumstances, a rogue app could prevent a Blackberry Protect command from operating, for example, a remote wipe command in the event of the phone being lost. Ars Technica explains that, with the phone in hand, an attacker could use the vulnerability to gain access to personal information on the phone.

However, Blackberry says the vulnerability cannot be exploited without user interaction and there are three key factors that have to be in play for the exploit to be successful:

  • The user must have downloaded and installed a malicious app that specifically targets this vulnerability. A BlackBerry smartphone prompts a user for permission to install any third-party software or to grant certain permissions to a third-party application.
  • The user must enable BlackBerry Protect, which is not enabled by default.
  • The user must have issued a password reset command through the BlackBerry Protect website.

Blackberry says users with a Q10 or Z10 smartphone with Blackberry 10 OS version 10.0.10.648 or later are not affected.

Users who apply the latest 10.0.10.648 updates now available will be protected from the vulnerability.
