Blackberry issues update for remote code execution vulnerability | SC Media
Strategy, Vulnerability management

Blackberry issues update for remote code execution vulnerability

April 9, 2014

Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability (RCE) could threaten phone security.

Although Blackberry hasn't documented any attacks due to this vulnerability, the company still issued a software update, according to the advisory. The update fully protects all Blackberry 10 phones.

The security threat targets Blackberry's qconnDoor service, which allows developers to access the phone. Attackers can exploit the vulnerability over Wi-Fi or through a USB by sending a specific message to the phone's qconnDoor service.

For the Wi-Fi attack to work, the phone owner must have development mode enabled and be on the same network as the attackers. To target a phone via USB, the attacker must have physical access to the phone.

prestitial ad