Research in Motion (RIM) has offered a fix to address a vulnerability in the BlackBerry desktop manager.
Security advisory KB19701 fixes a vulnerability where a malicious user may be able to deceive a legitimate user into connecting to a website to allow remote code execution on the user's computer.
It claimed that a malicious user could perform an attack designed to deceive the legitimate user into clicking on a link to a malicious website that appears to be from a trusted source. If a user chose to access that site from the computer that is running the BlackBerry desktop manager, they may be able to perform remote code execution using the legitimate user's privileges on the computer.
The BlackBerry desktop manager does not need to be running for a malicious user to exploit this vulnerability. The vulnerability was given a CVSS severity rating of 9.3 and applies to BlackBerry desktop software version 5.0 and earlier on all platforms, so it warrants immediate attention.
The United States computer emergency readiness team (US-CERT) encouraged users to review the advisory and apply any necessary updates.