Forgot your password?

Buffer Overflow Vulnerability Discovered in BlackBerry OS 10.1 Developer Mode

image

It looks like BlackBerry had even more reasons for users to update to OS 10.2+. They were notified back in June if of last year about a buffet overflow vulnerability in devices that turn on developer mode. The overflow is in a process that runs as root so it could lead to rooting the device.

Either way BlackBerry asked the security researchers who found it to hold off on disclosing the issue. They were waiting for customers to update through carriers.

Check out the details in modzeros disclosure.  My guess is we will hear something from BlackBerry soon.

13 total comments on this postSubmit your comment!
  1. Good to know.

  2. This is a flaw yes, BUT – it would not have led to any big issues. On BB10, even as root you would not get access to the secure sandboxed app areas.

  3. Yeah and who walks around with the device in developer mode?
    Besides, you need the device password to get into the developer mode…

  4. This is what happens when you eat too much :-p

    PS. Wondering what I mean? Read the text again, carefully :-)

  5. Yeah I think you need to read the whole text to understand. First of all the vulnerability exists once you turn on developer mode AND remains vulnerable until it reboots. This is exploitable without a password over Wi-Fi. This exploitable process is running as root which is the super user and as far as I know there is no sandbox protection from root access.

  6. The interesting thing is that, as root, you’re free to explore the OS, connect to services using carefully crafted URLs and find new exploits.

  7. Yet, AT&T has not updated their customers to 10.2.1, or even 10.2. They (at least the ones who can’t / won’t find ways to update on their own) are still stuck on 10.1.

    But it’s also likely that such customers aren’t going into developer mode very often.

  8. This is a none issue for the average user. But I am sure the bashing media would have a field day making sure this spreads around.

    It’s rare for BlackBerry to be associated with the words Vulnerability.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC