Originally Posted by dbltap
Just a question on this.... Per the data above, this was released on Nov 28th. Yet this morning on the download page the version listed is 4.7.0 B50 and a date of Nov 17, 2008. Should we be looking for a version greater than B50? Or was the fix already in B50? It's a 310 meg download and I don't want to do it again if I already have it.
It looks like the vulnerability was known for a few weeks prior to the Secunia advisory of 11-28-08. Most likely RIM and the other companies updated their software prior to the advisory being posted on Secunia. This is a common practice when security vulnerabilities are discovered -- the companies are told so it can be fixed before it's publicized. That way miscreants don't have a chance to use it to attack users before there is a patch.