RIM offers JavaScript workaround for BlackBerry breach

By Stewart Mitchell
Mar 18 2011 1:16PM

Admits security hole in operating system.

RIM has confirmed a security breach in its BlackBerry OS 6.0 software.

The mobile maker advised concerned users and enterprises to switch off JavaScript to mitigate the problem.

The flaw was spotted during last week's Pwn2Own hacker challenge and requires handset users to browse to an infected site designed by the attacker.

According to the Pwn2Own hackers, they were able to steal a contact list and photo cache from an exploited phone. RIM played down the significance of the attack, claiming that the most private data on handsets was safe from the attack because it was stored in unaffected applications folders.

“A successful exploit could allow the attacker to use the BlackBerry browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone,” the company said in a security warning.

“They could not access user data that the email, calendar and contact applications store in the application storage,” RIM said. “Exploitation of the vulnerability does not allow access to this part of memory.”

Nonetheless, the breach admission was an embarrassing gaffe for a company that prides itself on tight security - a big selling point for its corporate customers. RIM was quick to add that no attacks had been spotted using the vulnerability in the wild.

As a workaround until the flaw is patched, RIM recommended that concerned users and system admins switch off JavaScript, although the company admitted this would impact usability.

“Users of BlackBerry Device Software version 6.0 and later can disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability,” the company said.

“The issue is not in JavaScript, but the use of JavaScript is necessary to exploit the vulnerability. Turning off JavaScript may impact the ability to view web pages, or result in a diminished browsing experience.”

Turning off JavaScript wasn't as drastic as RIM's second option for keeping the problem at bay, which involved “disabling the BlackBerry Browser”.

This article originally appeared at pcpro.co.uk

Copyright © Alphr, Dennis Publishing