RIM Patches Dingleberry Jailbreak With BlackBerry PlayBook OS 1.0.8.6067, Gets Jailbroken Again

By Mauricio

With BlackBerry DevCon going on in Singapore and now a BlackBerry PlayBook root exploit being made available by Dingleberry, they definitely have their hands full. For those of you that haven’t heard of it yet, Dingleberry is a software created by Chris Wade and a few others that allows a user to gain root access with elevated privileges. Keep in mind that you should only be using this jailbreak if you know what root access means and as always, at your own risk.

In response to this Dingleberry jailbreak and exploit RIM released Tablet OS 1.0.8.6067 with daylight savings time updates and as expected, a patch for the exploit. The full changelog of this PlayBook OS update is detailed in KB29191, a BlackBerry Security Advisory doc in the BlackBerry Technical Solution Center. This new OS update didn’t stop Chris from updating Dingleberry with yet another way to gain root access but it only works if you haven’t already updated to 1.0.8.6067.

You can update your BlackBerry PlayBook Tablet OS by tapping on the Options gear in the top right corner and then going to Software Updates, then Check for Updates. If you need help you can watch this step-by-step guide video. Be sure to post your feedback on the PlayBook OS update and Dingleberry in the comments or in the forums!

Elevation of privilege vulnerability in file sharing capability impacts the BlackBerry PlayBook tablet software
Overview
A vulnerability that could allow elevation of access privilege on a BlackBerry PlayBook tablet exists in the BlackBerry PlayBook service used to share files over a USB connection between the tablet and a computer running BlackBerry Desktop Software. This vulnerability cannot be exploited by a remote attacker and it presents a low security risk of elevation of privilege attacks against BlackBerry PlayBook tablet users. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.
A user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet. An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set.
Problem
If the BlackBerry PlayBook tablet user turns on the File Sharing option, the user can share files over an active USB connection between the tablet and a computer that is running BlackBerry Desktop Software. The user can use the BlackBerry Desktop Software to create a backup archive file of part of the contents of the BlackBerry PlayBook file system. The archive file is stored on the connected computer.
A user with local access to the tablet and the computer could use the vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a File Sharing service configuration file in order to gain root user privileges on the BlackBerry PlayBook tablet. As best practices, users should set a strong BlackBerry PlayBook tablet password, and also set a password to protect shared files when enabling file sharing.
Resolution
RIM has issued BlackBerry PlayBook tablet software version 1.0.8.6067 which resolves this vulnerability on affected versions of the tablet. Update your BlackBerry PlayBook tablet software to version 1.0.8.6067 or later to apply the update.
Note: This BlackBerry PlayBook tablet update includes all previously released security updates to the BlackBerry Tablet OS.

Full details in KB29191.

And now for information on Dingleberry’s update to exploit PlayBook OS 1.0.8.6067…

[blackbirdpie url="http://twitter.com/#!/cmwdotme/status/144245161919127553"]