ActiveX Control Flaw In BlackBerry Leads To Code Execution Attacks
Research in Motion (RIM) today raised an alarm about a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.
When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.
A malicious hacker could use booby-trapped HTML documents or Web pages to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.
To fix this issue, install the updated version of the BlackBerry Application Web Loader:
1. Visit http://na.blackberry.com/eng/developers/javaappdev/devtools.jsp
2. Click the link to download the BlackBerry Application Web Loader v1.1.
3. Complete the installation wizard.
A separate update rollup for ActiveX kill bits for this BlackBerry issue and two other ActiveX control vulnerabilities can be found at http://www.microsoft.com/technet/security/advisory/960715.mspx.
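Added example, not part of the original article or of either vendor's tooling: after the kill-bit rollup is applied, the block can be confirmed from a `reg export` of Internet Explorer's ActiveX Compatibility key, where a kill bit is the 0x400 bit in a control's `Compatibility Flags` value. The CLSIDs and the sample export below are constructed placeholders, because the article does not give the control's CLSID.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating a control
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in `reg export` text form. The CLSIDs are placeholders,
# not the real BlackBerry Application Web Loader identifier.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"AlternateCLSID"="{00000000-0000-0000-0000-0000000000AA}"
"""

KEY_RE = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_compat_flags(export_text):
    """Return {CLSID (upper case): flags or None} for each key under ActiveX Compatibility."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            in_scope = key.group(1).lower() == COMPAT_KEY.lower()
            current = key.group(2).upper() if in_scope else None
            if current:
                flags.setdefault(current, None)  # key exists, flags value not seen yet
        elif line.startswith("["):
            current = None  # some other key: stop attributing values to the last CLSID
        elif current:
            value = FLAGS_RE.match(line)
            if value:
                flags[current] = int(value.group(1), 16)
    return flags

def kill_bit_set(export_text, clsid):
    """True only if the CLSID has a Compatibility Flags value with the kill bit on."""
    value = parse_compat_flags(export_text).get(clsid.upper())
    return value is not None and bool(value & KILL_BIT)

if __name__ == "__main__":
    for clsid, value in parse_compat_flags(SAMPLE_EXPORT).items():
        print(clsid, "kill bit set" if value and value & KILL_BIT else "NOT blocked")
```

A real `reg export` file is normally UTF-16 encoded, so decode it with `encoding="utf-16"` before passing the text in.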