BlackBerry has been leveraging and building on its reputation as the secure OS platform. Commercially, it is touted as the most secure operating system available. But as with all software, there are bound to be bugs.
Now BlackBerry World has a vulnerability that stems from a weakness in the integrity checks used to verify the applications a user downloads. An attacker who gains a man-in-the-middle (MITM) position between the user and the BlackBerry World servers could replace a legitimate download with a malicious app.
BlackBerry has already patched the bug, but the vulnerability still affects earlier versions of the BlackBerry World app available for OS 10.2, 10.2.1 and 10.3.
| BlackBerry 10 OS version | Affected BlackBerry World versions |
| --- | --- |
| 10.3.0 | Versions earlier than 5.1.0.53 |
| 10.2.1 | Versions earlier than 5.0.0.263 |
| 10.2.0 | Versions earlier than 5.0.0.262 |
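To check a device inventory against the version thresholds listed above, here is an added example (not BlackBerry's code and not part of the original post) that compares versions numerically rather than as strings. The function names, device names and OS build numbers in the sample inventory are constructed for illustration.

```python
# First fixed BlackBerry World version per BlackBerry 10 OS branch (from the post).
FIXED = {
    (10, 3, 0): (5, 1, 0, 53),
    (10, 2, 1): (5, 0, 0, 263),
    (10, 2, 0): (5, 0, 0, 262),
}

def parse_version(text):
    """Turn '5.0.0.263' into (5, 0, 0, 263) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(os_version, world_version):
    """Return 'affected', 'fixed' or 'unknown' for one device."""
    try:
        os_v = parse_version(os_version)
        world_v = parse_version(world_version)
    except ValueError:
        return "unknown"  # unparseable inventory data needs a manual look
    branch = (os_v + (0, 0))[:3]  # a bare '10.2' is treated as the 10.2.0 branch
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # OS branch not listed in the post's table
    # Tuple comparison is element-wise, so 5.0.0.99 sorts before 5.0.0.263.
    return "affected" if world_v < fixed else "fixed"

def audit(inventory):
    """Map device name -> status for an iterable of (name, os, world) rows."""
    return {name: assess(os_v, world_v) for name, os_v, world_v in inventory}

# Constructed inventory rows: (device, OS version, BlackBerry World version).
SAMPLE_INVENTORY = [
    ("z10-alice", "10.2.1.2977", "5.0.0.99"),   # 99 < 263 numerically
    ("q10-bob", "10.2.1.3247", "5.0.0.263"),
    ("z30-carol", "10.3.0.908", "5.1.0.52"),
    ("q5-dave", "10.2.0.1803", "5.0.0.262"),
    ("pass-erin", "10.3.1.1565", "5.1.0.60"),   # branch not in the table
    ("z10-frank", "10.2.1", "n/a"),             # version field missing
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:10} {status}")
```

A plain string comparison would rank "5.0.0.99" above "5.0.0.263" and report that device as fixed, which is why the versions are parsed into integer tuples first.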
According to BlackBerry’s Knowledge Base:
A vulnerability exists in the BlackBerry World service’s download mechanism, which is used by the BlackBerry World app on affected BlackBerry 10 smartphones. BlackBerry World allows you to search for and download apps for your BlackBerry device. BlackBerry World employs application integrity checking and secure download methods to ensure that the correct app is downloaded and installed.
In some cases, a weakness in these methods could allow an attacker, through a man-in-the-middle attack, to intercept a user’s BlackBerry World application download and, as a result, install malware on the device. Successful exploitation of this vulnerability could potentially result in an attacker gaining access to any data or settings that are accessible through the permissions that the user accepted when installing the malicious app.
So head over to BlackBerry World to update now!