Blackberry Browser Client-Side Denial of Service Vulnerability

By Jack Benney on 14 Mar 2007 09:49 pm
0
loading...
0
loading...
0
loading...

Dont Cry For Me My Crackberry!A security advisory was released earlier this evening which alerted to a new Blackberry browser client-side denial of service vulnerability that effects various blackberry devices with the BlackBerry Device Software version 4.2 and prior.

This DoS is the result of the way the Blackberry browser handles certain excessively long URLs that can cause the device to slow down and possibly come to a screeching halt.  This can only happen if you click on a link that has been crafted to exploit this vulnerability.  If you have been effected a simple reset of the device (remove battery and reinsert) should get you back up and crackberrying once again!

Although the risk is relatively low you should probably upgrade to 4.2 Service Pack 1 if it is available from your carrier for your device. 

Check out Blackberry Downloads for the latest software downloads that are available for your crackberry.  If you are using your company's crackberry you may want to give a heads up to your crackberry administrator.  While you are at it, be sure to mention crackberry.com!

This security vulnerability was first posted at FrSIRT

If you are still waiting for an update from your carrier, you should at least be careful when following links that are within an e-mail message or on a website you do not trust.

Jack Benney Jack Benney "CrackBerry Contributor" 11 (articles) 80 (forum posts)
0 comments

Register or Login to add comments