09-29-2009, 06:55 PM   #1
stevetaz (Super Moderator)
Vulnerability In ALL BB Handheld OS Current Versions....

Be aware that RIM has posted a warning about a vulnerability in the BB Browser in ALL currently used handheld OS versions. Here is a brief summary:
Overview
This advisory relates to a BlackBerry® Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name.

Issue Severity: This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 6.8.

Issue Status: Vulnerability confirmed. Check for software containing the security update based on your wireless service provider. For more information, see the Resolution section.

Recommendation: Complete the resolution actions documented in this advisory.

Mitigation: RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages. If a user visits a site that causes a BlackBerry Browser dialog box to warn the user about continuing the connection, the user should select Close connection.


The biggest problem I see is that the updated OS versions RIM has certified to solve the issue have not been made available by any of the carriers yet...

Here is the full article and pay attention to what RIM recommends you do until the fix is made available by carriers...

__________________
SteveTaz

If you want a toy, get an iPhone....If you want a tool, get a BlackBerry....

Tact Is For People Who Aren't Witty Enough To Be Sarcastic

"...mercy to the guilty is cruelty to the innocent..."

Adam Smith
The Theory of the Moral Sentiments


Phone: 8330m Curve (Red)
Carrier: Sprint
BB History: New as of 03/19/2008 - 8830 ---> 8330m
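The display problem the advisory describes, shown as an added example that is not part of the original post or of RIM's advisory: a warning dialog that silently drops hidden bytes presents two names that look the same, while escaping every hidden byte makes the cause of the mismatch visible. The function names and the sample names below are constructed for illustration.

```python
# Added example. Names are handled as raw bytes so nothing is lost in decoding.

def is_hidden(b: int) -> bool:
    """True for any byte outside printable, non-space ASCII (NUL included)."""
    return not (0x21 <= b <= 0x7E)


def reveal(name: bytes) -> str:
    """Render a name so every hidden byte shows up as \\xNN.

    Backslash is escaped too, so the rendered form stays unambiguous.
    """
    return "".join(
        f"\\x{b:02x}" if is_hidden(b) or b == 0x5C else chr(b) for b in name
    )


def naive_display(name: bytes) -> str:
    """What a dialog that silently drops non-printable bytes would show."""
    return "".join(chr(b) for b in name if 0x20 <= b <= 0x7E)


def explain_mismatch(site_name: bytes, cert_name: bytes) -> dict:
    """Compare the two names byte for byte and report why they differ."""
    hidden = [(i, f"0x{b:02x}") for i, b in enumerate(site_name) if is_hidden(b)]
    return {
        # A name carrying hidden bytes is never treated as a match.
        "match": not hidden and site_name.lower() == cert_name.lower(),
        # True when a user reading the naive dialog could not tell them apart.
        "looks_identical": naive_display(site_name).lower()
        == naive_display(cert_name).lower(),
        "hidden_in_site_name": hidden,
        "site_shown_as": reveal(site_name),
        "cert_shown_as": reveal(cert_name),
    }


# Constructed sample: a site name containing a null byte, and a certificate name.
SITE = b"shop.example\x00.com"
CERT = b"shop.example.com"

if __name__ == "__main__":
    for key, value in explain_mismatch(SITE, CERT).items():
        print(f"{key}: {value}")
```
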
10-14-2009, 05:18 PM   #2
corvid (Member)

Thanks for this notice. Just read it now. So it seems the newest AT&T OS doesn't fix this, but the newest official from Mobitel 4.6.0.303 does? Am I interpreting this correctly?

I have actually experienced this malicious message recently.
10-14-2009, 05:34 PM   #3
stevetaz (Super Moderator)

Originally Posted by corvid:
> Thanks for this notice. Just read it now. So it seems the newest AT&T OS doesn't fix this, but the newest official from Mobitel 4.6.0.303 does? Am I interpreting this correctly?
>
> I have actually experienced this malicious message recently.

I believe you are correct. It appears to me that for the 4.6 OS the .303 update does correct the vulnerability.

When you saw the message did you do anything except close it out and not continue (Close Connection)?
10-14-2009, 05:43 PM   #4
corvid (Member)

Dang. I can't remember what I did. I also couldn't tell from the article what the ramifications are if you did the wrong thing. But since then I've wiped my device and reinstalled .297.
All times are GMT -5.

