Embattled handset maker BlackBerry has
faced another blow, after the company warned users of a security bug
affecting the software used to link its BB10 handsets to PCs.
Sites such as The Register
pointed out that the bug comes at a bad time for a company whose
security has been a major selling point, describing the Canadian firm as
“on the brink”.The U.S. Computer Emergency Response Team has advised all users that, “BlackBerry has released a security advisory to address potential vulnerabilities that affect a remote file access feature within BlackBerry Link for Blackberry 10 Operating Systems. These vulnerabilities could allow an attacker to obtain elevation of privilege or execute arbitrary code remotely.”
The flaw was discovered by Google researcher Tavis Omandy, who describes it as “fairly simple,” to execute. It affects the Link software used to share files between handsets and PCs.
The Register says in its report that, the fact that the Link software
allows users access to files without authentication, “This clears the
way for an attacker, under certain conditions, to elevate their login
privileges and run arbitrary commands by tricking another user into
clicking on a specially crafted web link or visiting a malicious web
page.”BlackBerry says in its security advisory, “This advisory addresses an elevation of privilege or remote code execution vulnerability that is not currently being exploited but affects BlackBerry Link. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction.”
Blackberry has issued a patch that addresses the vulnerability.
Next iPhone News points
out that security admins will at least benefit from one fact – the
number of BlackBerry users has fallen hugely in recent years, down to
1.7%, according to IDC.
No comments:
Post a Comment