[ISN] RIM urges BlackBerry users to turn off JavaScript

From: InfoSec News <alerts_at_private>
Date: Thu, 17 Mar 2011 02:34:38 -0600 (CST)
http://www.networkworld.com/news/2011/031611-rim-blackberry-javascript.html

By Brad Reed
Network World
March 16, 2011

Research in Motion is recommending that IT departments and users disable 
JavaScript on their BlackBerry devices, citing a vulnerability unearthed 
at this year's Pwn2Own hacker challenge.

According to RIM, the vulnerability could allow a hacker to access a 
device's user data through the BlackBerry Browser if the user visits a 
"maliciously designed" Web site. The vulnerability only affects devices 
that have BlackBerry OS 6 installed, since it can only be exploited in 
devices that utilize the WebKit browser engine. RIM first started 
remaking its browser for BlackBerry OS 6 in 2009, when it purchased open 
source Web browser developer Torch Mobile, whose flagship Iris Browser 
is based on the open source Webkit browser engine. Any BlackBerry 
devices that contain older versions of the BlackBerry operating system 
will not be impacted.

RIM says the vulnerability will only allow hackers to gain access to 
data stored on devices' media cards and built-in media storage and that 
it will not give hackers access to data on the application storage 
portion of the phone, such as user data stored by e-mail, calendar and 
contact applications. So far, RIM says it has seen no actual cases of 
anyone exploiting this vulnerability outside of a test environment.

RIM is providing IT departments with guidelines to disable JavaScript on 
several BlackBerry devices, including the Torch 9800, the Bold 9700 and 
the Curve 9300. If this fails, RIM recommends disabling the BlackBerry 
Browser on devices altogether until the vulnerability can be patched.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Thu Mar 17 2011 - 01:34:38 PDT

This archive was generated by hypermail 2.2.0 : Thu Mar 17 2011 - 01:41:28 PDT