BlackBerry releases buffer overflow fix



Just last year, there was a report of a buffer overflow vulnerability in versions of BlackBerry 10 OS earlier than 10.2.0.1055. The report came from the folks at modzero. In response, BlackBerry has finally released a fix.

This is the official press release:

A stack-based buffer overflow vulnerability exists in the qconnDoor service supplied with affected versions of BlackBerry 10 OS. The qconnDoor service is used by BlackBerry 10 OS to provide developer access, such as shell and remote debugging capabilities, to the smartphone.

Successful exploitation of this vulnerability could potentially result in an attacker terminating the qconnDoor service running on a user’s BlackBerry smartphone. In addition, the attacker could potentially execute code on the user’s BlackBerry smartphone with the privileges of the root user (superuser).

An attacker can exploit this vulnerability in the following ways:

  • Over Wi-Fi – In order to exploit this vulnerability, an attacker must send a specially crafted message to the qconnDoor service on a smartphone located on the same Wi-Fi network. The smartphone user must have also enabled development mode on the smartphone before an attack.
  • Over USB – In order to exploit this vulnerability, an attacker must gain physical access to a smartphone and then send a specially crafted message to the qconnDoor service over USB.

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.9. View the linked Common Vulnerabilities and Exposures (CVE) identifier for a description of the security issue that this security advisory addresses. – CVE-2014-1468

Everyone who’s affected is strongly advised to update their OS ASAP. Of course, if you’re running a version of BlackBerry OS later than 10.2.0.1055, then there is nothing to worry about.

