Vulnerability discovered in BlackBerry that could allow the device to be hacked

News by SC Staff

A new vulnerability has been found in the BlackBerry web application loader.



BlackBerry maker Research In Motion has warned users about a newly discovered vulnerability that could potentially enable an attacker to gain remote control of the device or crash the browser.


The flaw was found in BlackBerry's web application loader, an ActiveX feature that enables the handheld to load new applications via the Internet Explorer browser. RIM claimed that ‘an exploitable buffer overflow’ exists in the BlackBerry ActiveX control.


However, it has advised users to upload the current, patched version of web application loader, which does not have the flaw. It also said that users can disable the ActiveX control in their current browsers.


An advisory issued by US-CERT gave the vulnerability a Common Vulnerability Scoring System rating of 9.3 on a 10-point scale, which means the vulnerability is highly dangerous and potentially easy to exploit.


US-CERT said: “By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.”


