BlackBerry hole: RIM recommends workaround
The hole affects the BlackBerry Device Software from version 6.0 on BlackBerry Torch 9800, Style 9670, Bold 9700, Bold 9650, Curve 9300 and Pearl 9100 devices. While the hole in WebKit reportedly allows potential attackers to access a phone's memory card and built-in media storage, RIM says that it doesn't give access to the emails, calendar data and address book entries in the phone's application storage. However, this statement has been contradicted by the Pwn2Own hack, which enabled the contestants not only to read the address book, but also to retrieve images from an internal cache.
Google has already closed the WebKit hole in its Chrome browser; RIM is still working on an update. What's more, Chrome's sandbox would have prevented exploits from accessing the system anyway. BlackBerry devices lack any features such as DEP or ASLR that are offered in modern operating systems to complicate or prevent potential attacks. However, even Apple only recently included ASLR in its iPhones with iOS 4.3.