Elevation of privilege vulnerability for the BlackBerry PlayBook

#BlackBerry #PlayBook



This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.2/10.

12-06-2011: A vulnerability that could allow elevation of access privilege on a BlackBerry PlayBook tablet exists in the BlackBerry PlayBook service used to share files over a USB connection between the tablet and a computer running BlackBerry Desktop Software. This vulnerability cannot be exploited by a remote attacker and it presents a low security risk of elevation of privilege attacks against BlackBerry PlayBook tablet users. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.

A user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet. An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set.