Wednesday, 20 November 2013

More woes for BlackBerry after “serious” security bug alert

Embattled handset maker BlackBerry has faced another blow, after the company warned users of a security bug affecting the software used to link its BB10 handsets to PCs.
Sites such as The Register pointed out that the bug comes at a bad time for a company whose security has been a major selling point, describing the Canadian firm as “on the brink”.
The U.S. Computer Emergency Response Team has advised all users that, “BlackBerry has released a security advisory to address potential vulnerabilities that affect a remote file access feature within BlackBerry Link for Blackberry 10 Operating Systems. These vulnerabilities could allow an attacker to obtain elevation of privilege or execute arbitrary code remotely.”
The flaw was discovered by Google researcher Tavis Omandy, who describes it as “fairly simple,” to execute. It affects the Link software used to share files between handsets and PCs.
The Register says in its report that, the fact that the Link software allows users access to files without authentication, “This clears the way for an attacker, under certain conditions, to elevate their login privileges and run arbitrary commands by tricking another user into clicking on a specially crafted web link or visiting a malicious web page.”
BlackBerry says in its security advisory, “This advisory addresses an elevation of privilege or remote code execution vulnerability that is not currently being exploited but affects BlackBerry Link. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction.”
Blackberry has issued a patch that addresses the vulnerability.
Next iPhone News points out that security admins will at least benefit from one fact – the number of BlackBerry users has fallen hugely in recent years, down to 1.7%, according to IDC.

No comments:

Post a Comment