In association with heise online

11 February 2009, 09:37

RIM closes critical hole in BlackBerry

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The BlackBerry manufacturer RIM has released an update for its BlackBerry Application Web Loader for Windows. The update addresses a critical vulnerability in an ActiveX control. An attacker can create a buffer overflow exploit in the ActiveX control which could be triggered when a user visits a malicious site. The control is normally started by the web page to allow additional software for the BlackBerry to be downloaded to the phone, via USB.

As an alternative, users can update to the killbit for the ActiveX control, which will disable it. Yesterdays Microsoft updates included a cumulative patch, which set several killbits including those for the ActiveX control from RIM. According to the bulletin from Microsoft, there is also an ActiveX safety problem with the Akamai Download Manager, but there are no details available on that issue.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit