[vip_committees] Fwd: US-CERT Current Activity - BlackBerry WebKit Browser Engine Vulnerability
- From: Blaine Clark <blaineclrk@xxxxxxxxx>
- To: Hank Bloomberg Chapter List <vip_committees@xxxxxxxxxxxxx>
- Date: Wed, 16 Mar 2011 11:41:31 -0400
Please note that the BlackBerry Browser is a full-featured web browser
that is designed to render and support most existing web content on a
mobile device.
US-CERT Current Activity
BlackBerry WebKit Browser Engine Vulnerability
Original release date: March 16, 2011 at 9:33 am
Last revised: March 16, 2011 at 9:33 am
Research In Motion has released a security notice to alert users of a
vulnerability affecting the WebKit browser engine provided in BlackBerry Device
Software versions 6.0 and later. By convincing a user to browse to specially
crafted website, a remote attacker may be able to execute arbitrary code.
Exploitation of this vulnerability may allow an attacker to access user data
stored on the media card and the built-in media storage on the affected
BlackBerry device.
US-CERT encourages users and administrators to review BlackBerry security
notice KB26132 and do the following to help mitigate the risks:
* Exercise caution when accessing untrusted websites in browsers, email
messages, or instant messages.
* Disable the use of JavaScript in the BlackBerry Browser or Disable the
BlackBerry Browser as suggested in BlackBerry security notice KB26132.
Additional information regarding this vulnerability can be found in US
Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical
bulletin T-579. US-CERT will provide additional information as it becomes
available.
Relevant Url(s):
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection
<http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132#environmentSection>
http://www.doecirc.energy.gov/bulletins/t-579.shtml
This entry is available at
http://www.us-cert.gov/current/index.html#blackberry_webkit_browser_vulnerability
- To post on the mailing list, simply send email to
vip_committees@xxxxxxxxxxxxxx
- Users can subscribe to the list by sending email to
vip_committees-request@xxxxxxxxxxxxx with 'subscribe' in the Subject
field OR by visiting the list page at
http://www.freelists.org/list/vip_committees. You can also unsubscribe,
turn on and off Vacation Hold and set your preference for a once-a-day
digest or to receive each message as it is posted on the list page.
- Online, searchable archives of the list are available at
http://www.freelists.org/archive/vip_committees Each list's archive is
automatically updated as new messages come in.
- There's a FAQ at http://www.freelists.org/wiki/the_faq.
Other related posts:
- » [vip_committees] Fwd: US-CERT Current Activity - BlackBerry WebKit Browser Engine Vulnerability - Blaine Clark