RIM closes critical hole in BlackBerry
BlackBerry manufacturer RIM has released an update for its BlackBerry Application Web Loader for Windows. The update addresses a critical vulnerability in an ActiveX control. An attacker can exploit a buffer overflow in the control, which could be triggered when a user visits a malicious site. The control is normally started by a web page to allow additional software for the BlackBerry to be downloaded to the phone via USB.
As an alternative, users can set the kill bit for the ActiveX control, which will disable it. Yesterday's Microsoft updates included a cumulative patch that sets several kill bits, including those for the ActiveX control from RIM. According to the bulletin from Microsoft, there is also an ActiveX safety problem with the Akamai Download Manager, but no details are available on that issue.
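To confirm that a kill bit is actually in place, check the control's `Compatibility Flags` value for bit 0x400 under Internet Explorer's `ActiveX Compatibility` registry key. The script below is an added example, not code from RIM or Microsoft. It audits a constructed `reg export` sample, and the CLSIDs are placeholders because this page does not give the real one.

```python
import re

# Registry location where Internet Explorer looks up per-control compatibility flags.
KEY_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400  # Compatibility Flags bit that blocks instantiation in IE

# Constructed sample in `reg export` text format; the CLSIDs are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000c00
'''

VALUE_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-f]{8})', re.IGNORECASE)

def parse_flags(export_text):
    """Map lower-cased CLSID -> Compatibility Flags value found in the export."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None  # ignore values under unrelated keys
            if key.upper().startswith(KEY_PREFIX.upper() + "\\"):
                current = key[len(KEY_PREFIX) + 1:].lower()
        elif current:
            m = VALUE_RE.fullmatch(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def audit(export_text, clsids):
    """Return {clsid: 'killed' | 'not killed' | 'no entry'} for each CLSID."""
    flags = parse_flags(export_text)
    result = {}
    for clsid in clsids:
        value = flags.get(clsid.lower())
        if value is None:
            result[clsid] = "no entry"  # control was never flagged at all
        else:
            # Other flag bits may be set too, so test the bit, not equality.
            result[clsid] = "killed" if value & KILL_BIT else "not killed"
    return result
```

On 64-bit Windows the same check also applies to the 32-bit view under `SOFTWARE\Wow6432Node`, which this sample does not cover.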
- Vulnerability exists in the BlackBerry Application Web Loader ActiveX control, RIM advisory.
- Update Rollup for ActiveX Kill Bits, Microsoft advisory.