RIM posts BlackBerry security patch

By

Phishing flaw in smartphones.

Research In Motion has issued a security update to address a flaw in its BlackBerry handsets.

The update fixes a flaw in the handling of security certificate issues in the BlackBerry browser application, which could be exploited by an attacker to perform a phishing attack.

The vulnerability affects BlackBerry software versions 4.5 to 4.7, and all users with supported BlackBerry software versions are advised to update their software.

The flaw does not affect the BlackBerry Server or Desktop software packages.

The flaw lies in the way the browser reports security certificate mismatches. When a mismatch between the certificate issuer and domain is detected, the browser presents a dialogue box warning the user.

Researchers have found, however, that the dialogue boxes do not display null characters on addresses. This could allow an attacker to craft a false certificate with null characters at the end of an otherwise legitimate site, and use it to present the certificate as authentic.

RIM recommends that users install the security fix immediately. Users who do not have the update are being advised to use caution when accepting web certificates, and avoid clicking on any suspicious or unsolicited links.

RIM posts BlackBerry security patch
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Western Sydney University targets file-sharing sites hosting stolen data

Western Sydney University targets file-sharing sites hosting stolen data

Log In

  |  Forgot your password?