PROBLEM:
Blackberry PlayBook Unspecified WebKit Bug Lets Remote Users Execute Arbitrary Code
PLATFORM:
BlackBerry 6, BlackBerry 7, BlackBerry 7.1, and BlackBerry PlayBook tablet software
ABSTRACT:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
referenceĀ LINKS:
SecurityTracker Alert ID: 1026769
BlackBerry Security Notice Article ID: KB30152
IMPACT ASSESSMENT:
High
Discussion:
A vulnerability was reported in Blackberry PlayBook. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in WebKit and execute arbitrary code on the target user's system.
Impact:
Successful exploitation of the vulnerability on the BlackBerry PlayBook browser requires the BlackBerry PlayBook user to browse to a website that the attacker has maliciously designed.
Solution:
Please see "Restrict BlackBerry smartphone users to only browse trusted websites via BlackBerry MDS Connection Service" or "Disable the BlackBerry Browser" on BlackBerry Knowledge Base BSRT-2012-002 Vulnerability workaround