A security hole in the Windows software used to download files to BlackBerry phones has been plugged.
BlackBerry maker Research In Motion (RIM) on Wednesday addressed a vulnerability in its BlackBerry Application Web Loader, an ActiveX control that is typically started on a web page and downloads software through a USB cable connected to the phone.
RIM issued an advisory that said: “When a BlackBerry device user browses to a website that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks ‘Yes’ to install and run the ActiveX control, the ActiveX control introduces the vulnerability [a buffer overflow] to the computer.”
The RIM advisory said that the vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.3. CVSS scores range from 0 (no vulnerability) to 10 (critical).
“By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user,” a US-CERT alert warned. “The attacker could also cause Internet Explorer to crash.”
For its part, Microsoft addressed the problem in a revised patch released Tuesday, saying in an advisory that one of its latest security updates sets a kill bit for an ActiveX control developed by RIM. A kill bit stops an ActiveX control from running in Internet Explorer.
See original article on scmagazineus.com