Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.

US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the
* Exercise caution when accessing untrusted websites in browsers,
email messages, or instant messages.
* Disable the use of JavaScript in the BlackBerry Browser or Disable
the BlackBerry Browser as suggested in BlackBerry security notice

Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available.

Relevant Url(s):


Comments are closed.