The BlackBerry World app prior to 5.0.0.262 on BlackBerry 10 OS 10.2.0, prior to 5.0.0.263 on BlackBerry 10 OS 10.2.1, and prior to 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
Vulnerable Product |
---|
blackberry blackberry_world |
blackberry blackberry_os 10.3.0 |
blackberry blackberry_os 10.2.1 |
blackberry blackberry_os 10.2.0 |