BlackBerry Forums Support Community


aiharkness 03-11-2011 01:24 PM

Webkit Browser vulnerability
 
Pwn2Own 2011: BlackBerry falls to WebKit browser attack | ZDNet

The security subject matter is often over my head, and more often than not I don't know what is myth and what is fact. That said, the news (to me) that BlackBerry security may owe more to obscurity than anything else is a big downer.

Makes me not too crazy about open source. But as I say, I mostly rely on the opinions of others on this stuff, and try and sort out what's reliable and what's not.

Just thinking out loud.

OVERKILL 03-13-2011 12:39 PM

Re: Webkit Browser vulnerability
 
Interesting vulnerability. It would appear as though the implementation of the Webkit browser didn't go through enough security testing.

aiharkness 03-16-2011 10:13 AM

Re: Webkit Browser vulnerability
 
RIM's workaround ...

KB26132-Vulnerability in WebKit browser engine impacts BlackBerry Device Software version 6.0 and later

Option 1: Disable JavaScript in browser

Option 2: Disable the BlackBerry Browser

Overview:

Quote:

Research In Motion is aware of recent reports of a vulnerability affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry Device Software version 6.0 and later. This security notice communicates the following key facts:

The exploitation of the vulnerability was performed at the Pwn2Own 2011 Contest and is publicly known.

At the time of release of this security notice, the BlackBerry Security Incident Response Team has not received any reports that this vulnerability has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers.

A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.

Recommendation

Follow the available workarounds documented in this security notice.

Exercise caution when clicking on links to untrusted websites in browsers, email or instant messages.

References

CVE® Identifier: CVE - CVE-2011-1290 (under review)

I had other reasons for sticking with OS 5. This just adds to them.

Dubdub 03-17-2011 04:06 PM

Re: Webkit Browser vulnerability
 
BoyGenius is reporting it:

BlackBerry vulnerability exposed at Pwn2Own; no fix in sight | BGR

camaxtli 06-15-2011 11:45 PM

Re: Webkit Browser vulnerability
 
Does anyone know if this has been fixed? Maybe with an update or something?


All times are GMT -5.