RIM: Disable JavaScript in BlackBerry Browser

RIM: Disable JavaScript in BlackBerry Browser

Summary: Research in Motion (RIM) is urging BlackBerry users to disable JavaScript in the smartphone's browser to block exploits from a security vulnerability showcased at this year's CanSecWest Pwn2Own contest.

SHARE:

Research in Motion (RIM) is urging BlackBerry users to disable JavaScript in the smartphone's browser to block exploits from a security vulnerability showcased at this year's CanSecWest Pwn2Own contest.

The vulnerability, which exists in the open source WebKit browser engine provided in BlackBerry Device Software version 6.0 and later, was exploited to hack into a BlackBerry Torch 9800 smart phone to steal the contact list and image database.

In response to the hack, RIM issued a security advisory to acknowledge the flaw and suggest a temporary mitigation until a comprehensive patch is issued.

From the advisory:

follow Ryan Naraine on twitter

The issue could result in remote code execution on affected BlackBerry smartphones. Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed. A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access email and other personal information on the file system of the BlackBerry smartphone.

The company suggests that users of the BlackBerry Device Software version 6.0 and later disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability. The issue is not in JavaScript but the use of JavaScript is necessary to exploit the vulnerability.

RIM said it is investigating the issue to determine the best resolution for protecting BlackBerry smartphone users but did not provide a timeline for issuing a fix.

Topics: BlackBerry, Open Source, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Awesome!

    Just great....
    eidris@...
    • RE: RIM: Disable JavaScript in BlackBerry Browser

      <strong>freepuzzlegameonline.com / full-house-design.com</strong>

      <h1><strong><a href="http://www.freepuzzlegameonline.com/">Free Puzzle Games</a></strong></h1>
      <h1><strong><a href="http://www.full-house-design.com/">House Design</a></strong></h1>
      reginebautista
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    Which mobile OS haven't been hacked? I know Android and BBery have made news recently.

    ---------------------
    www.toughcell.com
    cell phone insurance
  • The &quot;best resolution&quot; ...

    The "best resolution" would be to have the fix deployed already.
    Too Old For IT
  • That's nice...

    Great!
    arohatech1
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    http://www.52tube.com/
    http://www.wctube.com/
    http://www.cameporn.com/
    http://www.escortbayan9.com/
    tamam
    myclub
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    talih
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    yea, I know Android and BBery have made news recently, Thanks!
    <a href="http://www.webdocorpo.com.br/massagistas">Massagistas</a>
    <a href="http://www.acompanhantes.org/">Acompanhantes</a>
    <a href="http://www.arcondicionado.org/">Ar Condicionado</a>
    arcondicionadoorg
  • best

    <u><b><i><a href="http://bestfoodforall.com/">best food for all</a></i></b> |
    <u><b><i><a href="http://www.hotelsneardisneyland.biz/">cheap hotels near disneyland</a></i></b> |
    <u><b><i><a href="http://printablerealestateforms.com/">printable real estate forms</a></i></b> |
    <u><b><i><a href="http://www.rentalleaseagreementform.org/">free printable rental lease agreement</a></i></b> |
    juvysan1234
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    Thats a great tip!
    <a href="http://www.rioclass.com.br/">acompanhantes rj</a>
    <a href="http://www.rioclass.com.br/garotas-de-programa-rj">garotas de programa rj</a>
    weblaranja
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    Seems easier said than done. I own a Blackberry myself. Not that good to be honest. service is quite bad. A simple site like http://24optionreview.info doesn't load properly.
    Hobos81
  • RE: RIM: Disable JavaScript in BlackBerry Browser

    So it's that simple?! I supposed it to be more complicated than it seems to be. What ever,thanks for such a nice display.
    tom@[url=http://www.brokerage-review.com/stock-broker-reviews/scottrade-review.aspx]Scottrade review[/url]
    abirahmed