New Vulnerability Found In BlackBerry's Web Application Loader - DarkReading

Flaw could allow attackers to gain control of the device, researchers warn

Editor's Note: 

This was rated as a 9.3 out of 10 which means it's "highly dangerous"  and "potentially easy to exploit.  Which is exactly why, when BB is exploring how to position itself for mobile banking, and/or P2P Payments they might want to weigh in heavily on the pragmatics  of  "playing it safe." 

(via a plug and play device...such as, oh, I don't know, a slider?) 
If there's ever a time  to "play it safe" it's with online transactions...my apologizes for using the "same" picture twice in 1 day...it just seemed so apropos. 
Feb 11, 2009 | 05:29 PM
By Tim Wilson DarkReading

Just a few weeks after President Obama won his fight to keep his BlackBerry, the handheld's security is causing concern again.

BlackBerry maker Research In Motion this week is warning users about a newly discovered vulnerability that could potentially enable an attacker to gain remote control of the device or crash its browser.


Given a "Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit..."
The flaw was found in the BlackBerry's Web Application Loader, an ActiveX feature that enables the handheld to load new applications via the Internet Explorer browser. RIM says that "an exploitable buffer overflow" exists in the BlackBerry Application Web Loader ActiveX control.

According to an advisory issued by US-CERT, the flaw may be exploited by phishers or other attackers. "By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user," the advisory says. "The attacker could also cause Internet Explorer to crash."

US-CERT says the vulnerability has been assigned a Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit.

continue "darkreading"


Reblog this post [with Zemanta]

Posted by John B. Frank Thursday, February 12, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers