
U-119: BlackBerry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

March 7, 2012 - 7:00am

PROBLEM:

BlackBerry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code

PLATFORM:

BlackBerry 6, BlackBerry 7, BlackBerry 7.1, and BlackBerry PlayBook tablet software

ABSTRACT:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026769
BlackBerry Security Notice Article ID: KB30152

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in BlackBerry PlayBook. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in WebKit and execute arbitrary code on the target user's system.

Impact:

Successful exploitation of the vulnerability on the BlackBerry PlayBook browser requires the BlackBerry PlayBook user to browse to a website that the attacker has maliciously designed.

Solution:

Please see "Restrict BlackBerry smartphone users to only browse trusted websites via BlackBerry MDS Connection Service" or "Disable the BlackBerry Browser" on BlackBerry Knowledge Base BSRT-2012-002 Vulnerability workaround.
