BlackBerry World App Vulnerability on BlackBerry 10 Devices by BlackBerry
CVE-2014-6611

Currently unrated

Key Information:

Vendor: Blackberry
Status: Blackberry World; Blackberry Os
Vendor: CVE Published:; 25 October 2014

What is CVE-2014-6611?

The BlackBerry World app prior to specific versions on BlackBerry 10 OS fails to validate download or update requests effectively. This security gap can potentially be abused by user-assisted man-in-the-middle attackers, allowing them to spoof server responses and trigger the download of malicious applications by manipulating the data stream between the client and server.

References

http://www.blackberry.com/btsc/kb36360

x_refsource_CONFIRM

http://secunia.com/advisories/61013

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2014
Vulnerability Reserved
Sep 18, 2014

Blackberry

What is CVE-2014-6611?

References

Timeline