RIM posts BlackBerry security patch

By

Phishing flaw in smartphones.

Research In Motion has issued a security update to address a flaw in its BlackBerry handsets.

The update fixes a flaw in the handling of security certificate issues in the BlackBerry browser application, which could be exploited by an attacker to perform a phishing attack.

The vulnerability affects BlackBerry software versions 4.5 to 4.7, and all users with supported BlackBerry software versions are advised to update their software.

The flaw does not affect the BlackBerry Server or Desktop software packages.

The flaw lies in the way the browser reports security certificate mismatches. When a mismatch between the certificate issuer and domain is detected, the browser presents a dialogue box warning the user.

Researchers have found, however, that the dialogue boxes do not display null characters on addresses. This could allow an attacker to craft a false certificate with null characters at the end of an otherwise legitimate site, and use it to present the certificate as authentic.

RIM recommends that users install the security fix immediately. Users who do not have the update are being advised to use caution when accepting web certificates, and avoid clicking on any suspicious or unsolicited links.

RIM posts BlackBerry security patch
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?