Feeds

BlackBerry goes all 'patch Tuesday' with multi vuln fixes

This will do wonders for the 'we're the best at secure messaging' fallback plan

Intelligent flash storage arrays

BlackBerry has issued four patches covering vulnerabilities in Flash, Webkit and libexif on its devices.

The Z10, Q10 and PlayBook all need patching for Adobe Flash vulnerabilities. If a user were led to a page containing crafted Flash content, an attacker could execute arbitrary code on an affected device. BSRT-2013-007 notes that an alternative attack would be to trick users into downloading an Adobe AIR application.

BlackBerry also states that since the Flash player isn't enabled by default on the devices, only phones whose owners have added Flash are vulnerable.

That's not the case for EXIF, whose tag parsing library libexif is also vulnerable to malicious crafted content. If a user viewed an “attack” image, and then tried to open it separately or save it, the attacker could “execute arbitrary code in the context of the application that opens the specially crafted image.”

BlackBerry seems to have been using an old version of the EXIF library, since this notice about the library vulnerabilities is dated July 2012.

Two Webkit vulnerabilities are also patched, one affecting only the Z10, the other also taking in the PlayBook tablet. The company says neither vulnerability is currently being exploited.

In both, BSRT-2013-008 and BSRT-2013-010, malicious JavaScript could offer a remote code execution opportunity.

BlackBerry says its sandboxing should limit the risk to users, should any exploits to these vulnerabilities exist.

BlackBerry 10 OS earlier than version 10.0.10.261 (except versions 10.0.9.2709 and 10.0.9.2743) and BlackBerry PlayBook tablet OS earlier than version 2.1.0.1753 are vulnerable to the BSRT-2013-008 bug. BlackBerry 10 OS earlier than version 10.1.0.1392 is vulnerable to BSRT-2013-010. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.