Elevation of privilege vulnerability for the BlackBerry PlayBook

#BlackBerry #PlayBook

Doh!

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29191

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.2/10.

12-06-2011: A vulnerability that could allow elevation of access privilege on a BlackBerry PlayBook tablet exists in the BlackBerry PlayBook service used to share files over a USB connection between the tablet and a computer running BlackBerry Desktop Software. This vulnerability cannot be exploited by a remote attacker and it presents a low security risk of elevation of privilege attacks against BlackBerry PlayBook tablet users. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.

A user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet. An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: