Research In Motion has issued a security update to address a flaw in its BlackBerry handsets.
The update fixes a flaw in the handling of security certificate issues in the BlackBerry browser application, which could be exploited by an attacker to perform a phishing attack.
The vulnerability affects BlackBerry software versions 4.5 to 4.7, and all users with supported BlackBerry software versions are advised to update their software.
The flaw does not affect the BlackBerry Server or Desktop software packages.
The flaw lies in the way the browser reports security certificate mismatches. When a mismatch between the certificate issuer and domain is detected, the browser presents a dialogue box warning the user.
Researchers have found, however, that the dialogue boxes do not display null characters on addresses. This could allow an attacker to craft a false certificate with null characters at the end of an otherwise legitimate site, and use it to present the certificate as authentic.
RIM recommends that users install the security fix immediately. Users who do not have the update are being advised to use caution when accepting web certificates, and avoid clicking on any suspicious or unsolicited links.
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
