Vulnerability Management

Blackberry issues update for remote code execution vulnerability


Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability (RCE) could threaten phone security.

Although Blackberry hasn't documented any attacks due to this vulnerability, the company still issued a software update, according to the advisory. The update fully protects all Blackberry 10 phones.

The security threat targets Blackberry's qconnDoor service, which allows developers to access the phone. Attackers can exploit the vulnerability over Wi-Fi or through a USB by sending a specific message to the phone's qconnDoor service.

For the Wi-Fi attack to work, the phone owner must have development mode enabled and be on the same network as the attackers. To target a phone via USB, the attacker must have physical access to the phone.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.