BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities

High Nessus Plugin ID 71992

Synopsis

The version of BlackBerry 10 OS is affected by multiple remote code execution vulnerabilities.

Description

The mobile device uses a version of BlackBerry 10 OS that is prior to 10.1.0.1880. It is, therefore, affected by the following vulnerabilities in the version of Flash Player supplied with it:

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2013-1378, CVE-2013-1379, CVE-2013-1380)

- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the installed OS and has not attempted to verify whether Flash content is disabled in the device's browser.

Solution

Upgrade to BlackBerry version 10.1.0.1880 or later. Alternatively, refer to the vendor's advisory to disable Flash content.

See Also

http://support.blackberry.com/kb/articleDetail?ArticleNumber=000035565

Plugin Details

Severity: High

ID: 71992

File Name: blackberry_10_1_0_1880.nbin

Version: $Revision: 1.38 $

Type: local

Published: 2014/01/16

Modified: 2018/07/19

Dependencies: 60033

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os, cpe:/a:adobe:flash_player

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/14

Vulnerability Publication Date: 2013/03/07

Reference Information

CVE: CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555

BID: 58396, 58947, 58949, 58951