BlackBerry Security Flaw Found in Web App Loader

New security vulnerability found in BlackBerry’s Web Application Loader, US-CERT Classifies as Highly-Dangerous.

Research In Motion has issued a Security Advisory regarding a vulnerability found within the BlackBerry Application Web Loader.

The BlackBerry Application Web Loader is a Microsoft® ActiveX® web-based application loader that third-party application developers use to create web pages which enable users to install applications directly on a BlackBerry device. This includes BlackBerry touchscreen phones, BlackBerry Bold, and all other BlackBerry smartphones.

Keep reading below to learn more about the security vulnerability and how to fix it on your beloved Crackberry.

When a user accesses a web page that uses the BlackBerry Application Web Loader and accepts the permission prompt, the web page installs the BlackBerry Application Web Loader on the user’s computer. The BlackBerry Application Web Loader uses the .jad and .cod files stored on the web server to install an application on a BlackBerry device connected to the user’s computer.

By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

The United States Computer Emergency Readiness Team (US-CERT) has assigned this vulnerability a Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit.


BlackBerry smartphone users are strongly urged to view Security Advisory KB16248 (found at the bottom of this post) and apply the resolution or implement the workaround listed in the document to avoid the risk. Users can also disable the ActiveX® control within their browsers.

This high-level security alert comes less than a month after RIM issued patches to fix certain vulnerabilities in the PDF feature used by BlackBerry users to view attachments sent via email. As per RIM, these vulnerabilities enabled malicious individuals to send an email message containing a specially infected PDF file that, when opened on a BlackBerry smartphone, would cause memory corruption and possibly lead to erratic code execution on the BlackBerry Attachment service host.

Please visit the RIM Knowledge Base to learn more details about the security alert and how to resolve the problem.


RIM’s Security Advisory KB16248 can be found here.

US-CERT Current Activity can be found here.
