RIM has confirmed a security breach in its BlackBerry OS 6.0 software.
The flaw was spotted during last week's Pwn2Own hacker challenge; exploiting it requires a handset user to browse to a malicious site designed by the attacker.
The Pwn2Own hackers said they were able to steal a contact list and photo cache from an exploited phone. RIM played down the significance of the attack, claiming that the most private data on handsets was safe because it was stored in unaffected application folders.
“A successful exploit could allow the attacker to use the BlackBerry browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone,” the company said in a security warning.
“They could not access user data that the email, calendar and contact applications store in the application storage,” RIM said. “Exploitation of the vulnerability does not allow access to this part of memory.”
Nonetheless, the breach admission was an embarrassing gaffe for a company that prides itself on tight security - a big selling point for its corporate customers. RIM was quick to add that no attacks had been spotted using the vulnerability in the wild.