BlackBerry 6 WebKit Vulnerability Patched, RIM Publishes Full Security Advisory


This latest security advisory goes to show why RIM’s current model for carrier approved OS updates is not ideal. RIM put out what they call a security notice about a BlackBerry 6 WebKit browser vulnerability back in March of this year for an exploit found in the BlackBerry 6 Browser at Pwn2Own that month. RIM said back then that devices updated to OS 6.0.0.526+ were safe from the vulnerability. They then finally issued a security advisory this week for the same old vulnerability with quite a few more details about it. The reason RIM took so long to release the advisory was because RIM had to wait for carriers to approve the security software update. RIM provided the fix within two weeks of learning of the vulnerability. Now SIX MONTHS LATER RIM has found that “a sufficient number of wireless services providers” have made the update available to their customers.
Overview:-
This security advisory addresses three specific vulnerabilities affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry 6. Successful exploitation of the vulnerabilities requires the BlackBerry smartphone user to browse to a website that the attacker has maliciously designed. A successful attack could result in remote code execution (RCE) on a smartphone running BlackBerry 6. An attacker exploiting these vulnerabilities could read or write to the built-in media storage section of a BlackBerry smartphone or to the media card but could not access user data that the email, calendar, and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.
The most severe of the three vulnerabilities has a CVSS score of 6.8. The least severe has a CVSS score of 5.0. At this time there is no evidence of the vulnerabilities being used in attacks against the BlackBerry platform, and RIM is not aware of any impact to BlackBerry customers as a result of these vulnerabilities. 
Note:- KB26132 was previously published as a Security Notice to responsibly advise customers about the existence of one of the three vulnerabilities, which had been publicly disclosed, and provide workaround options in lieu of a software update to address that issue for all affected customers. This Security Advisory replaces that Security Notice and provides full details of publicly available software updates that address that issue and two related issues, and urges affected customers to upgrade.

For more details click Here



-News Source (RIM & Berry Review) 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...