http://www.networkworld.com/news/2011/031611-rim-blackberry-javascript.html

By Brad Reed
Network World
March 16, 2011

Research in Motion is recommending that IT departments and users disable JavaScript on their BlackBerry devices, citing a vulnerability unearthed at this year's Pwn2Own hacker challenge.

According to RIM, the vulnerability could allow a hacker to access a device's user data through the BlackBerry Browser if the user visits a "maliciously designed" Web site.

The vulnerability only affects devices that have BlackBerry OS 6 installed, since it can only be exploited in devices that utilize the WebKit browser engine. RIM first started remaking its browser for BlackBerry OS 6 in 2009, when it purchased open source Web browser developer Torch Mobile, whose flagship Iris Browser is based on the open source Webkit browser engine. Any BlackBerry devices that contain older versions of the BlackBerry operating system will not be impacted.

RIM says the vulnerability will only allow hackers to gain access to data stored on devices' media cards and built-in media storage and that it will not give hackers access to data on the application storage portion of the phone, such as user data stored by e-mail, calendar and contact applications. So far, RIM says it has seen no actual cases of anyone exploiting this vulnerability outside of a test environment.

RIM is providing IT departments with guidelines to disable JavaScript on several BlackBerry devices, including the Torch 9800, the Bold 9700 and the Curve 9300. If this fails, RIM recommends disabling the BlackBerry Browser on devices altogether until the vulnerability can be patched.

[...]

Received on Thu Mar 17 2011 - 01:34:38 PDT