Forgot your password?

BlackBerry World Updated to Fix Vulnerability

AppWorldofPossibilities.jpgWe have picked up a post via MobileSyrup that BlackBerry has published a knowledge base article outlining a vulnerability in AppWorld.

A vulnerability exists in the BlackBerry World service’s download mechanism, which is used by the BlackBerry World app on affected BlackBerry 10 smartphones. BlackBerry World allows you to search for and download apps for your BlackBerry device. BlackBerry World employs application integrity checking and secure download methods to ensure that the correct app is downloaded and installed. In some cases, a weakness in these methods could allow an attacker, through a man-in-the-middle attack, to intercept a user’s BlackBerry World application download and, as a result, install malware on the device. Successful exploitation of this vulnerability could potentially result in an attacker gaining access to any data or settings that are accessible through the permissions that the user accepted when installing the malicious app.

In order to exploit this vulnerability, an attacker must intercept a user’s application download/update request from BlackBerry World over a compromised network and replace the response from the server with a malicious file. The user must then accept the app permissions and install the malicious application.

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 4.3 View the linked Common Vulnerabilities and Exposures (CVE) identifier for a description of the security issue that this security advisory addresses.

CVE identifier — CVSS score
CVE-2014-6611 — 4.3

Affected Software:

BlackBerry 10 OS version Affected BlackBerry World versions:
10.3.0 Versions earlier than
10.2.1 Versions earlier than
10.2.0 Versions earlier than

Non-Affected Software:

BlackBerry 10 OS version Resolution BlackBerry World versions:
10.3.0 Versions and later
10.2.1 Versions and later
10.2.0 Versions and later


BlackBerry 10 OS version Resolution BlackBerry World versions:
10.3.0 Versions and later
10.2.1 Versions and later
10.2.0 Versions and later

This software update resolves this vulnerability on affected versions of BlackBerry 10 smartphones. Update BlackBerry World software to the version specified for your BlackBerry 10 OS version to be fully protected from this issue. Customers running an affected version who cannot update at this time should apply an available workaround.

Update by accessing the BlackBerry World update notification in the Hub
BlackBerry smartphones use notifications to keep customers informed about software updates. When an app update notification is available, it appears in Notifications section of the BlackBerry Hub on affected BlackBerry 10 smartphones.

View the notifications and follow the steps to access the latest app update notification and complete the app update.

Manually update the BlackBerry World application
You can download BlackBerry World or manually update your existing version of BlackBerry World by visiting from your BlackBerry device or by visiting from a computer.

*** Be sure to check and update this as soon as you can. ***

4 total comments on this postSubmit your comment!
  1. Please educate me. How are the affected and non-affected versions the same? How can one version number be affected and not affected at the same time?

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC