You are here

U-059: Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges

December 13, 2011 - 6:00am

Addthis

PROBLEM:

Blackberry PlayBook File Sharing Option Lets Local Users Gain Elevated Privileges.

PLATFORM:

BlackBerry PlayBook tablet software version 1.0.8.4985 and earlier

ABSTRACT:

A local user can obtain root privileges on the target tablet system.

reference LINKS:

SecurityTracker Alert ID:1026386
Vulnerability Summary for CVE-2011-0291
BlackBerry Technical Solution Center

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in Blackberry PlayBook. A local user can obtain elevated privileges on the target system. On a tablet with File Sharing enabled and connected via USB to a system running BlackBerry Desktop Software, a user can modify a backup archive file on the system to gain root privileges on the target tablet.

Impact:

A local user can obtain root privileges on the target tablet system.

Solution:

Update your BlackBerry PlayBook tablet software to version 1.0.8.6067 or later to apply the update. BlackBerry Technical Solution Center

Addthis