BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities
High Nessus Plugin ID 71992
SynopsisThe version of BlackBerry 10 OS is affected by multiple remote code execution vulnerabilities.
DescriptionThe mobile device uses a version of BlackBerry 10 OS that is prior to 10.1.0.1880. It is, therefore, affected by the following vulnerabilities in the version of Flash Player supplied with it :
- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2013-1378, CVE-2013-1379, CVE-2013-1380)
- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2013-2555)
Note that this plugin has relied solely on the version of the installed OS and has not attempted to verify whether Flash content is disabled in the device's browser.
SolutionUpgrade to BlackBerry version 10.1.0.1880 or later. Alternatively, refer to the vendor's advisory to disable Flash content.