BlackBerry Forums Support Community
              

Closed Thread
 
LinkBack Thread Tools
Old 03-11-2011, 01:24 PM   #1 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 13,978
Post Thanks: 24
Thanked 529 Times in 514 Posts
Default Webkit Browser vunerability

Please Login to Remove!

Pwn2Own 2011: BlackBerry falls to WebKit browser attack | ZDNet

The security subject matter is often over my head, and more often than not I don't know what is myth and what is fact. That said, the news (to me) that BlackBerry security may owe more to obscurity than anything else is a big downer.

Makes me not too crazy about open source. But as I say, I mostly rely on the opinions of others on this stuff, and try and sort out what's reliable and what's not.

Just thinking out loud.
__________________
- Ira

Last edited by aiharkness : 03-11-2011 at 01:45 PM.
Online  
Old 03-13-2011, 11:39 AM   #2 (permalink)
Talking BlackBerry Encyclopedia
 
OVERKILL's Avatar
 
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
OS: 7.1.0.391
Carrier: Rogers
Posts: 205
Post Thanks: 6
Thanked 7 Times in 5 Posts
Default Re: Webkit Browser vunerability

Interesting vulnerability. It would appear as though the implementation of the Webkit browser didn't go through enough security testing.
__________________
950->5810->6280->7280->7290->8700->8310->9000->9800->9780->9900
BES Admin
Network Engineer
Blackberry user since 2001.
Offline  
Old 03-16-2011, 09:13 AM   #3 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 13,978
Post Thanks: 24
Thanked 529 Times in 514 Posts
Default Re: Webkit Browser vunerability

RIM's workaround ...

KB26132-Vulnerability in WebKit browser engine impacts BlackBerry Device Software version 6.0 and later

Option 1: Disable Javascrip in browser

Option 2: Disable the BlackBerry Browser

Overview:

Quote:
Research In Motion is aware of recent reports of a vulnerability affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry Device Software version 6.0 and later. This security notice communicates the following key facts:

The exploitation of the vulnerability was performed at the Pwn2Own 2011 Contest and is publicly known.

At the time of release of this security notice, the BlackBerry Security Incident Response Team has not received any reports that this vulnerability has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers.

A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.

Recommendation

Follow the available workarounds documented in this security notice.

Exercise caution when clicking on links to untrusted websites in browsers, email or instant messages.

References

CVE® Identifier: CVE - CVE-2011-1290 (under review)
I had other reasons for sticking with OS 5. This just adds to them.
__________________
- Ira

Last edited by aiharkness : 03-16-2011 at 09:15 AM.
Online  
Old 03-17-2011, 03:06 PM   #4 (permalink)
Appleinator
 
Dubdub's Avatar
 
Join Date: Nov 2005
Location: New Hampshire
Model: App6+
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,038
Post Thanks: 52
Thanked 777 Times in 737 Posts
Default Re: Webkit Browser vunerability

BoyGenius is reporting it:

BlackBerry vulnerability exposed at Pwn2Own; no fix in sight | BGR
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!
Offline  
Old 06-15-2011, 10:45 PM   #5 (permalink)
Thumbs Must Hurt
 
camaxtli's Avatar
 
Join Date: Jul 2006
Location: Traffic
Model: 9780
OS: 5.0.0.921
PIN: a colada
Carrier: Tmobile
Posts: 157
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Webkit Browser vunerability

Does any one know if this has been fixed? Maybe with an update or something?
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads for: Webkit Browser vunerability
Thread Thread Starter Forum Replies Last Post
Caching issue for webKit based Browser with OS6.0 SaurabhAgrawal Developer Forum 0 03-02-2011 04:17 PM
Blackberry Webkit browser problems yuanzhoulu General BlackBerry Discussion 0 01-24-2011 11:40 AM
Browser problems jwhanes Developer Forum 1 06-12-2008 01:49 PM
Blackberry browser on Cingular mbn General BlackBerry Discussion 29 08-21-2005 01:15 PM

Digital Multimeter 20A AC/DC OHM Electric Meter Voltmeter Ammeter Circuit Tester
$10.99
Digital Multimeter 20A AC/DC OHM Electric Meter Voltmeter Ammeter Circuit Tester pictureNEW SPERRY SNAP-6 OHM-300 Volt-Ohm-Ammeter Snap-On Clamp On In Box & Energizer A
$26.42
NEW SPERRY SNAP-6 OHM-300 Volt-Ohm-Ammeter Snap-On Clamp On In Box & Energizer A pictureTriplett Model 521 DC Ammeter
$29.99
Triplett Model 521 DC Ammeter pictureKeithley Model 150A/150AR DC Microvolt-Ammeter Instruction Manual
$9.0
Keithley Model 150A/150AR DC Microvolt-Ammeter Instruction Manual pictureVintage Snap-On 1000DC AC1000 Clampmeter Clamp-On Ammeter
$20.0
Vintage Snap-On 1000DC AC1000 Clampmeter Clamp-On Ammeter picture






Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.