BlackBerry Warns of Z10 Smartphone Security Flaw
A vulnerability in BlackBerry Protect could provide an attacker with the device password.
BlackBerry recently issued an advisory warning of a privilege escalation vulnerability affecting BlackBerry Z10 smartphones, which the company says is not being actively exploited (h/t The H Security).
The vulnerability could allow an attacker to take advantage of weak permissions in the BlackBerry Protect service to (1) access the device password if a remote password reset command has been issued through the BlackBerry Protect Web site, and (2) prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe.
With physical access to the device, an attacker could then unlock it, access it over a USB tether to transfer data, enable development mode, and/or change the device password.
BlackBerry Z10 users are advised to protect their devices by updating to the latest version of the BlackBerry 10 OS, version 10.0.10.648.