Security-related bulletins for BlackBerry Z10 and BlackBerry PlayBook are released

On Monday, BlackBerry released a pair of software bulletins for BlackBerry Z10 and the BlackBerry PlayBook. The first advisory, BSRT-2013-005, deals with a remote code execution vulnerability found in Adobe Flash on both the BlackBerry PlayBook and the all-touch BlackBerry Z10. To have the exploit affect your tablet or phone, you would have had to been tricked into opening maliciously created Adobe Flash content in an email or website.

This is the story of BlackBerry in a nut shell. Android users, psyched to have Flash running on their browser starting in late 2009, started to get tired of it by 2011. Adobe Flash Player is a large file that many Android users started to delete and many started to skip installing it at all. By November 2011, Adobe had killed off mobile Flash Player for Android. Ironically, the browser on the BlackBerry PlayBook and on BlackBerry 10 devices support Flash just when many Android users have given up on the plug-in.

As for the exploit, BlackBerry Z10 users running BlackBerry 10 OS version 10.0.10.648 or later and BlackBerry PlayBook tablet users running version 2.1.0.1526 or later, are not affected and those who have updated the latest software update for both devices are protected. The fixes repair problems originally reported back in January.

The second bulletin released, BSRT-2013-006, covers an vulnerability found with the BlackBerry Protect app found on the BlackBerry Z10. For an attacker to exploit the vulnerability, he would need to have the phone being attacked in his physical possession and use BlackBerry Protect to reset the device password. If the user has the same password for his work perimeter and for the device, the attacker could unlock the phone and gain entry to any local or enterprise app that uses the same password as the device's password.

Thanks Anonymous Tipster!

source: BlackBerry (1), (2) via NakedSecurity