updated 09:45 pm EST, Fri January 13, 2012
RIM claims fix in 2.0, no known exploitation
Researchers from the Intrepidus Group, a provider of mobile application and device security services, has identified a potential security breach with the RIM BlackBerry PlayBook tablet. The problem exists in the BlackBerry Bridge operation between the PlayBook and a BlackBerry smartphone. The exploit could allow an attacker to listen in on communications between the devices and intercept e-mail, calendar events, and other transmitted sensitive information.
An attacker cannot passively access the information. In order to be successful, a malicious mobile app would first have to be installed on the PlayBook or another exploitable flaw would have to be present.
The exposure also only exists in communications between the PlayBook and another BlackBerry device. Part of the problem is the tablet doesn't currently have a native e-mail client, so users who want to read their corporate e-mail on the PlayBook either need to use webmail or connect to their BlackBerry handsets using Bridge.
RIM has acknowledged the problem and has a fix that it will roll out as part of its BlackBerry PlayBook OS 2.0 firmware update in February. The company claims that it is not aware of any instances when the vulnerability has actually been exploited. [via Kapersky Lab's threat post]