Join Our 3 MILLION+ Members Today! Register Here | Login
 
 
 
 
 
 
Home»BlackBerry News»News & Rumors

RIM advises disabling JavaScript in your BlackBerry browser after exploit discovered

by Bla1ze on 15 Mar 2011 08:12 PM
37
 
RIM advises disablng JavaScript in your BlackBerry browser after exploit discovered

In light of the exploit found during the most recent Pwn2Own convention Research in Motion has introduced a new article to the RIM knowledge base advising users of OS 6 capable devices on how to avoid having their BlackBerry browser exploited. While the potential for someone actually attempting the exploit still remains small, the fact the information is out there is reason enough to protect yourself against it.

RIM KB26132 is the article in place to prevent the exploit from running on your device -- the process is simple really. Just disable JavaScript for the browser while RIM works on hotfix for it. As noted, if you are a BlackBerry Enterprise Server administrator, you can turn off JavaScript support using the Disable JavaScript in Browser IT policy rule. Just remember, in doing this you'll end up having a less than optimal browsing experience. If you're not running BlackBerry 6 this is not needed.

Filed Under: News & Rumors; Tags: Research In Motion
Send to a Friend
 
Login or Register to post comments

37 Comments

Posted by vx1 Tuesday, Mar 15, 2011 436 days ago

huh only BB 6 needs to disable javascript ? well either way its cool RIM came out and said so .. working on hot fix.

 
 
Posted by Bla1ze Tuesday, Mar 15, 2011 436 days ago

The exploit is a WebKit issue, not BB. OS 5 lacks webkit, thus not needing it.

 
 
Posted by mss-ca Tuesday, Mar 15, 2011 436 days ago

Here is my RANT!!!
I don't know what's wrong with RIM, they should be able to make a good working browser using their top of the line high paid programmers. This browser was made by open software development teams and Apple Inc had a huge hand in developing this browser. WHAT WERE they thinking when top engineers at RIM approved implementation of this browser? I am a Canadian student and RIM's software engineers are the best paid software engineers in CANADA. Why the hell then these losers at the top cannot develop their own browser?

Just to get a student software engineering position at RIM, they what my GPA to sit above 3.7/4.0 and YET, the they cannot built their own browser. Even IBM Canada hired me with 3.0/4.0 GPA!!!

I think, RIM needs to change its business philosophy. I am thinking about promoting iPhones over BBs. May be I should join Apple with my 3.0 GPA!!!

RIM, you lost me as a customer!

 
 
Posted by mnemonicj Tuesday, Mar 15, 2011 436 days ago

chill dude. even open sourced, secured, and highly developed software (including linux) has flaws. exploits are commonly uncovered in linux, but they are almost immediately patched to prevent dangers.

 
 
Posted by mss-ca Tuesday, Mar 15, 2011 436 days ago

Yes, you are right... Even according to my textbooks, ANY software can be hacked. I am mad at RIM because they turn me down on a student position.

BUT... RIM should stay away from open source stuff because their competition like Apple may use them to attack RIM.

 
 
Posted by TrentonCampbell Wednesday, Mar 16, 2011 436 days ago

3.0 is not that great of a gpa. Most engineering masters programs require no less then a 3.0. Most schools will kick you if you get less then a 2.0. What would RIM take the top 31% of students when they could have the top 4% that get a 3.7.

 
 
Posted by kcl929 Tuesday, Mar 15, 2011 436 days ago

You mad?

Its no wonder they didn't hire you with your exceptional spelling and grammar skills.

 
 
Posted by vx1 Tuesday, Mar 15, 2011 436 days ago

k, makes sense - thanks.

 
 
Posted by jcastilloalonso Tuesday, Mar 15, 2011 436 days ago

I wonder if the fix will be a hotfix or if it will require a new OS build? One of the reasons I hate OS control for BB are in hands of carriers and not RIM....

 
 
Posted by datta72 Wednesday, Mar 16, 2011 436 days ago

True, carriers won't release it until there's more changes that need to be made, which can take forever.......

 
 
Posted by djkbb Wednesday, Mar 16, 2011 435 days ago

The official AT&T approved OS update for the 9800 with this hole patched will be out Q4 2013.

 
 
Posted by phone9 Tuesday, Mar 15, 2011 436 days ago

It would be nice if it were as simple as downloading one replacement COD file to install over the existing OS, but have they ever done that before? How else could a hot-fix be done?

 
 
Posted by Bla1ze Tuesday, Mar 15, 2011 436 days ago

Sadly.. OS Updates.

 
 
Posted by Culex316 Tuesday, Mar 15, 2011 436 days ago

I agree..the Webkit engine isn't in any COD file but in the radio (.sfi) itself so a whole OS update will be needed.

 
 
Posted by ignites Tuesday, Mar 15, 2011 436 days ago

wonder if it will be a pb issue... pb is using webkit.....

 
 
Posted by wizmillso Tuesday, Mar 15, 2011 436 days ago

RIM knows what they're doing, the've been the most secure for a while now. I believe they have this completely under control. They most like know exactly what they're going to do to fix this problem, which I'd like point out is an Apple product flaw and not a RIM product flaw.

 
 
Posted by boman06210 Tuesday, Mar 15, 2011 436 days ago

But that was on a .2xx os, would newer versions have this issue? Or would only new ones released after this was known about?

 
 
Posted by papped Tuesday, Mar 15, 2011 436 days ago

They never knew about the issue before. So all current OSes and previous OS6 versions will have it.

 
 
Posted by wizmillso Tuesday, Mar 15, 2011 436 days ago

OS 5 wont have this problem, because it wasn't using Apple's security week WebKit

 
 
Posted by jasonvw Tuesday, Mar 15, 2011 436 days ago

Glad to see Rims not trying to sweep this under the rug and pretend it never happened. Still want to see how they fix the issue. If it will be a simple patch or a full os upgrade. If its an os upgrade do they force carriers to release it immediately or continue doing what theyre doing and let the carriers decide.

 
 
Posted by miamimanu86 Tuesday, Mar 15, 2011 436 days ago

and cripple my browser... nope!

 
 
Posted by miamimanu86 Tuesday, Mar 15, 2011 436 days ago

and cripple my browser... nope!

 
 
Posted by ron87 Tuesday, Mar 15, 2011 436 days ago

It's already crippled. It's a Blackberry.

 
 
Posted by sk8er_tor Tuesday, Mar 15, 2011 436 days ago

Do us all a favor and go troll some place else.

 
 
Posted by black.berry.black Thursday, Mar 17, 2011 434 days ago

SERIOUSLY NO HATERS ALLOWED HERE!!

 
 
Posted by JRSCCivic98 Wednesday, Mar 16, 2011 436 days ago

Lol, RIM needs to reword that last part as "By disabling Java, you're basically breaking your Crackberry webpage functionality". :p

So let's see, if the bug in WebKit that allows this sort of hack to happen are really Java Script based ones, people with Safari can disable Java on their devices and fix their issues as well. ;)

 
 
Posted by noTh1ng Wednesday, Mar 16, 2011 436 days ago

This is the most ridicolous solution i have ever heard. If you disable javascript you can stop browsing anyway, cause there wont be much to browse to. Have they thought one second about the browsing experience without js?
This is just plain stupid. Instead of publishing rubbish like that RIM should concentrate on fixing the issue.

 
 
Posted by lycafe Wednesday, Mar 16, 2011 436 days ago

Well said.

I tried turning off JS but couldn't deal with it when browsing the web... so JS is back on.

 
 
Posted by daveshiz Wednesday, Mar 16, 2011 436 days ago

wot a load of crap disable javascript and wait on a hot fix ?
so have a shitty browser until rim able to rectify?
come on crackberry i know you are only passing on info
from rim but grow a pair o balls do you really recommend
to all youre loyal followers disable bear with it and rim will sort
come on !!

 
 
Posted by FlyHigh365 Wednesday, Mar 16, 2011 436 days ago

Yeah I'm most definitely not turning off my JS. I browse way too much.

 
 
Posted by nls Wednesday, Mar 16, 2011 436 days ago

Hotfix? And how they intend to release it? My carrier does not release every fw version, I always hated this way of distribution...

 
 
Posted by a77boy Wednesday, Mar 16, 2011 436 days ago

Are you guys dumbasses? So a problem was found and RIM is doing what it needs to do to fix it. It's no big deal. Disable java for a few days and your fine. Don't disable it and I'm sure your still gonna be fine. You act like it's the end of the world. Windows has a million security flaws! How often is your shit being stolen and jacked. seriously.... And no they are not gonna write a whole new os and run it through the carriers. A hot fix generally implies that they will post up a file for you to download and execute. Just chill already, use some common sense. You wanted a better browser so rim gives it to you, so this is the price you gotta pay. Not the end of the world.

 
 
Posted by The Consigliere Wednesday, Mar 16, 2011 436 days ago

One of my favorite quotes is "Common sense isn't so common." This is probably one of those times, I agree with you, it's not the end of the world though I can't really speak on this issue because I'm running 5.0 but it does sound like RIM is on it & doing what they can do fix this issue. They could have done what other companies do & simply deny but no, they've admitted it and seem to be working on fixing this issue. Everyone just needs to relax, here's another quote for ya "the world went & got itself in a big damn hurry."

 
 
Posted by yacoby54 Wednesday, Mar 16, 2011 436 days ago

I would like you to tell me when is the last time that there was an OS "hotfix" where they offered you a file to download to fix a problem?

I am really curious to hear your answer because this has never been done and will never be done with a core function of the BB OS.

It will require an OS upgrade, granted this upgrade may not take 6 months to get approved by the carriers but it still will have to get their approval.

 
 
Posted by dodger_moore Wednesday, Mar 16, 2011 436 days ago

Well said. It was getting quite painful reading the 'oh noes!!' kneejerk reactions above.

 
 
Posted by zainalrockyou Wednesday, Mar 16, 2011 436 days ago

@a77boy:I'm a newbie, just got my 9780 a few days ago...I've got a question, where to get the hotfix? Where will RIM post this file you've mentioned that we can download and execute? Thanks...

 
 
Posted by JonB74 Wednesday, Mar 16, 2011 436 days ago

"Just remember, in doing this you'll end up having a less than optimal browsing experience"

BWAHAHAHAHAHA like the BB browsing experience is even close to 'optimal' Too funny