BlackBerry has patched a vulnerability in BlackBerry 10 that could have left devices open to being attacked by someone executing code remotely.
The firm’s BlackBerry Security Incident Response Team (BBSIRT) released the advisory and sought to allay concerns by stating that it has no knowledge of anyone exploiting the bug in the wild and that the scope for exploiting it is limited.
“BlackBerry is committed to protecting customers from potential security risks, and while there are no known attacks targeting customers at this time, we recommend that all BlackBerry 10 smartphone customers apply the latest software update to be protected from this issue,” said Scott Totzke, senior VP of security at BlackBerry, according to Threatpost.
BlackBerry’s advisory note goes on to state that the chance for an attacker to take advantage of the bug is severely limited and as such it poses a minuscule risk to customers, as the attacker would need either physical access to the device or “significant interaction” with its user.
To exploit the vulnerability, an attacker has to send a malicious communication over a Wi-Fi network to the qconnDoor service, and the targeted user’s device must be running in development mode. Alternatively, the attacker can connect an unpatched phone to a computer and send the malicious communication directly over that connection.
“Successful exploitation of this vulnerability could potentially result in an attacker terminating the qconnDoor service running on a user’s BlackBerry smartphone. In addition, the attacker could potentially execute code on the user’s BlackBerry smartphone with the privileges of the root user [super user],” the advisory added.