CERT mailing list archives
Current Activity - BlackBerry WebKit Browser Engine Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 16 Mar 2011 10:07:53 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity BlackBerry WebKit Browser Engine Vulnerability Original release date: March 16, 2011 at 9:33 am Last revised: March 16, 2011 at 9:33 am Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device. US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks: * Exercise caution when accessing untrusted websites in browsers, email messages, or instant messages. * Disable the use of JavaScript in the BlackBerry Browser or Disable the BlackBerry Browser as suggested in BlackBerry security notice KB26132. Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection> <http://www.doecirc.energy.gov/bulletins/t-579.shtml> ==== This entry is available at http://www.us-cert.gov/current/index.html#blackberry_webkit_browser_vulnerability -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTYDEKj6pPKYJORa3AQLw+gf9GuqEg5/Mw5WHBWYoLYRO4FAGOX0KP7K1 ptUn+9wPBegQULTBS0gTKTC1AQuYF+KiRogqvmOLIuiRJCNKS+6Qkyu6l2L6/A20 yOYdivYe8HM3h27ZCu4Z3nFlXFiViQyGeSJpW5W0D/F3zAg9lSzubrKJSccEjZqR 7G5js6vIcggbvff09cnQF16agV157u2vkeLhDjMlAWttbfaPn1Qi8g7a8uXm6U2L 0Fw/DaBxxF1I31f2xqYvod+Yrad66yR1cbUgmz9MW9SL2oUaEsOsqxId7j2WYpV8 aP+YXaTkl/Zzy2R3Wp+1bvmE6tAzEt6tqhFryNDK3AgEcBY0Y2t3oQ== =8BkB -----END PGP SIGNATURE-----
Current thread:
- Current Activity - BlackBerry WebKit Browser Engine Vulnerability Current Activity (Mar 16)