1. chele519's Avatar
    I'm sorry if this has been posted before but I didn't see it anywhere and wasn't sure which forum to post it in.

    BlackBerry Security Flaw Found in Web App Loader
    Feb 12th, 2009
    by Atomic.
    New security vulnerability found in BlackBerry's Web Application Loader, US-CERT Classifies as Highly-Dangerous.

    Research In Motion has issued a Security Advisory regarding a vulnerability found within the BlackBerry Application Web Loader.

    The BlackBerry Application Web Loader is a Microsoft® ActiveX® web-based application loader that third party application developers use to create web pages which enable users to install applications directly on a BlackBerry device. This includes BlackBerry touchscreen phones, BlackBerry Bold, and all other BlackBerry smartphones.

    Keep reading below to learn more about the security vulnerability and how to fix it on your beloved Crackberry.

    When a user accesses a web page that uses the BlackBerry Application Web Loader and accepts the permission prompt, the web page installs the BlackBerry Application Web Loader on the user's computer. The BlackBerry Application Web Loader uses the .jad and .cod files stored on the web server to install an application on a BlackBerry device connected to the user's computer.

    By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

    The United States Computer Emergency Readiness Team (US-CERT) has assigned this vulnerability a Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit.

    BlackBerry smartphone users are strongly urged to view Security Advisory KB16248 (found at the bottom of this post) and apply the resolution or implement the workaround listed in the document to avoid the risk. Users can also disable the ActiveX® control within their browsers.

    This high-level security alert comes less than a month after RIM issued patches to fix certain vulnerabilities in the PDF feature used by BlackBerry users to view attachments sent via email. As per RIM, these vulnerabilities enabled malicious individuals to send an email message containing a specially infected PDF file that, when opened on a BlackBerry smartphone, would cause memory corruption and possibly lead to erratic code execution on the BlackBerry Attachment service host.

    Please visit the RIM Knowledge Base to learn more details about the security alert and how to resolve the problem.

    RIM's Security Advisory KB16248 can be found here.

    This is the link. BlackBerry Security Flaw Found in Web App | AtomicSub Technology
    02-13-09 05:29 AM
  2. wnm's Avatar
    On Wed. I got a Windows XP update to roll back an ActiveX (10 I think) because of a security situation.
    02-13-09 06:38 AM
  3. Jazzi-Rocks's Avatar
    I've received two Microsoft updates, one on Tuesday and one on Wednesday and installed them on my XP; I sure hope that they address the issue. I hate to have to BUY security for my BB.

    Thanks for the article, I will definitely be reading it and checking out the workaround.

    **Update: I read the article and apparently it is mainly for Windows Explorer and I use Firefox. However, people are able to download a workaround app through the Development area; it's easy to create an account and I downloaded it; just haven't installed it yet.**

    ~Jazzi~



    Last edited by Jazzi-Rocks; 02-13-09 at 09:42 AM.
    02-13-09 09:35 AM
  4. wnm's Avatar
    I use Chrome. I checked my IE and did not see it in there. Checked Chrome as best I could and did not see it as well. I'll have to check on my laptop at home.
    02-13-09 10:19 AM