BlackBerry Fixes Remote Code Vulnerability in BES10

MalwareVirus

Microsoft and Adobe weren’t the only companies releasing security updates yesterday. BlackBerry piled on the patch parade with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.

The problem lies in the Universal Device Service (UDS) that’s installed by default in BlackBerry Enterprise Service (BES) versions 10.0 to 10.1.2. If an attacker has access to the corporate network that’s hosting the UDS and can determine its address, they can execute code as the BES10 admin service account without authentication.

“In order to exploit this vulnerability, an attacker must use the Remote Method Invocation (RMI) interface to serve a malicious package to JBoss from a second server on the network that is not blocked by a firewall,” reads BlackBerry’s advisory.
