current-activity March 2011 archive
Main Archive Page > Month Archives  > current-activity archives
current-activity: US-CERT Current Activity - BlackBerry WebKit B

US-CERT Current Activity - BlackBerry WebKit Browser Engine Vulnerability

From: Current Activity <us-cert_at_nospam>
Date: Wed Mar 16 2011 - 14:07:53 GMT
To: Current Activity <current-activity@us-cert.gov>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

BlackBerry WebKit Browser Engine Vulnerability

Original release date: March 16, 2011 at 9:33 am
Last revised: March 16, 2011 at 9:33 am

Research In Motion has released a security notice to alert users of a
vulnerability affecting the WebKit browser engine provided in
BlackBerry Device Software versions 6.0 and later. By convincing a
user to browse to specially crafted website, a remote attacker may be
able to execute arbitrary code. Exploitation of this vulnerability may
allow an attacker to access user data stored on the media card and the
built-in media storage on the affected BlackBerry device.

US-CERT encourages users and administrators to review BlackBerry
security notice KB26132 and do the following to help mitigate the
risks:
  * Exercise caution when accessing untrusted websites in browsers,
    email messages, or instant messages.
  * Disable the use of JavaScript in the BlackBerry Browser or Disable
    the BlackBerry Browser as suggested in BlackBerry security notice
    KB26132.

Additional information regarding this vulnerability can be found in US
Department of Energy Cyber Incident Response Capability (DOE-CIRC)
technical bulletin T-579. US-CERT will provide additional information
as it becomes available.

Relevant Url(s):
<http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection>

<http://www.doecirc.energy.gov/bulletins/t-579.shtml>

====
This entry is available at
http://www.us-cert.gov/current/index.html#blackberry_webkit_browser_vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTYDEKj6pPKYJORa3AQLw+gf9GuqEg5/Mw5WHBWYoLYRO4FAGOX0KP7K1
ptUn+9wPBegQULTBS0gTKTC1AQuYF+KiRogqvmOLIuiRJCNKS+6Qkyu6l2L6/A20
yOYdivYe8HM3h27ZCu4Z3nFlXFiViQyGeSJpW5W0D/F3zAg9lSzubrKJSccEjZqR
7G5js6vIcggbvff09cnQF16agV157u2vkeLhDjMlAWttbfaPn1Qi8g7a8uXm6U2L
0Fw/DaBxxF1I31f2xqYvod+Yrad66yR1cbUgmz9MW9SL2oUaEsOsqxId7j2WYpV8
aP+YXaTkl/Zzy2R3Wp+1bvmE6tAzEt6tqhFryNDK3AgEcBY0Y2t3oQ==
=8BkB
-----END PGP SIGNATURE-----