BlackBerry stressed that there have been no exploits found in the wild against customers using devices with these vulnerabilities.
“BlackBerry is committed to protecting customers from third-party security issues, and we recommend that all customers apply the latest software updates to protect their devices from these Adobe Flash, Webkit and libexif vulnerabilities,” said Adrian Stone, director of the BlackBerry Security Incident Response and Threat Analysis team, said in a statement.
For each vulnerability, BlackBerry said that customer risk is limited thanks to the BlackBerry 10 OS and the BlackBerry tablet OS design, which restricts an application's access to system resources and the private data of other applications.
It’s nonetheless worthwhile to look at the issues. First up is Adobe Flash (BSRT-2013-007). The device-maker said that there are several Flash Player remote code execution vulnerabilities out there that affect the BlackBerry Z10 and BlackBerry Q10 smartphones, and BlackBerry PlayBook tablets. Successful exploitation would require an attacker craft malicious Adobe Flash content that they must then persuade the customer to access via a webpage, or as a downloaded Adobe AIR application.
Another security advisory addresses a WebKit remote code execution vulnerability (BSRT-2013-008), which affects the BlackBerry Z10 smartphone and BlackBerry PlayBook tablets. Here, successful exploitation requires an attacker to create a malicious website or compromise a legitimate website, and requires that a BlackBerry Z10 smartphone or BlackBerry tablet user view a webpage containing the malicious JavaScript content.
A second WebKit remote code execution vulnerability (BSRT-2013-010) affects BlackBerry Z10 smartphone customers. Successful exploitation requires an attacker to create a malicious website or compromise a legitimate website, and requires that a BlackBerry Z10 smartphone user view a webpage containing the malicious JavaScript content.
The libexif flaw (BSRT-2013-009) affects BlackBerry PlayBook tablet customers. Successful exploitation requires an attacker to craft a malicious image file and also requires that a user opens or saves this image file from an email or website.
Back in June, BlackBerry patched two security vulnerabilities, one of which addresses Adobe Flash flaws in the software for the Blackberry Playbook tablet and Blackberry Z10 touchscreen smartphone. It too was a difficult-to-exploit flaw: "Successful exploitation requires not only that a customer enable BlackBerry Protect, use the feature to reset the device password and download a specifically crafted malicious app, but also that an attacker gain physical access to the smartphone," the company said.