RIM Issues BlackBerry Security Advisory - InformationWeek
IoT
IoT
Mobile // Mobile Devices
News
2/10/2009
05:14 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
[Cybersecurity] Costs vs. Benefits
Feb 28, 2017
This online event, hosted by the editors of Dark Reading, brings together IT security leaders, bus ...Read More>>

RIM Issues BlackBerry Security Advisory

Vulnerabilities in the BlackBerry Application Web Loader ActiveX control could allow an attacker to execute code remotely or cause Microsoft Internet Explorer to crash.

Research In Motion (RIM) on Tuesday issued a security advisory to those of its BlackBerry customers who are using BlackBerry Application Web Loader Version 1.0 and Microsoft Internet Explorer.

A vulnerability in the BlackBerry Application Web Loader ActiveX control could allow an attacker to execute code remotely or to cause Microsoft Internet Explorer to crash, the company said.

"An exploitable buffer overflow exists in the BlackBerry Application Web Loader ActiveX control that Internet Explorer uses to install applications on BlackBerry devices," RIM explains in its advisory. "When a BlackBerry device user browses to a Web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks 'Yes' to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer."

RIM's warning comes in conjunction with a security advisory issued by Microsoft that updates its ActiveX kill bit list to include a kill bit to prevent the BlackBerry Application Web Loader ActiveX control from being exploited.

The vulnerability can be resolved by installing an updated version of the BlackBerry Application Web Loader. The RIM Web site also includes a workaround that describes how to disable the affected ActiveX control.

In its 2008 X-Force Trend and Risk report, released earlier this month, IBM reports that ActiveX controls accounted for 46% of all browser-related vulnerability disclosures in 2008, and 66% of browser-related vulnerabilities designated "critical" or "high."

There was an overall decline in browser-related vulnerability disclosures last year, according to IBM's report.

"Unfortunately, the decline in ActiveX disclosures does not appear to be making an impact on exploitation," the report said. "As with other browser-related vulnerabilities, attackers rely upon users who do not keep their browsers current. Although Microsoft has made great strides in preventing ActiveX exploitation through changes to Microsoft Internet Explorer, exploitation remains an issue along with the continued usage of known vulnerable ActiveX controls from non-malicious Web sites."

InformationWeek has published an independent analysis of what other security measures companies can take for their mobile workforces. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll