RIM advises disabling JavaScript in your BlackBerry browser after exploit discovered

By Bla1ze on 15 Mar 2011 08:12 pm
0
loading...
43
loading...
245
loading...
RIM advises disablng JavaScript in your BlackBerry browser after exploit discovered

In light of the exploit found during the most recent Pwn2Own convention Research in Motion has introduced a new article to the RIM knowledge base advising users of OS 6 capable devices on how to avoid having their BlackBerry browser exploited. While the potential for someone actually attempting the exploit still remains small, the fact the information is out there is reason enough to protect yourself against it.

RIM KB26132 is the article in place to prevent the exploit from running on your device -- the process is simple really. Just disable JavaScript for the browser while RIM works on hotfix for it. As noted, if you are a BlackBerry Enterprise Server administrator, you can turn off JavaScript support using the Disable JavaScript in Browser IT policy rule. Just remember, in doing this you'll end up having a less than optimal browsing experience. If you're not running BlackBerry 6 this is not needed.

37 comments

vx1

huh only BB 6 needs to disable javascript ? well either way its cool RIM came out and said so .. working on hot fix.

Bla1ze

The exploit is a WebKit issue, not BB. OS 5 lacks webkit, thus not needing it.

mssca

Here is my RANT!!!
I don't know what's wrong with RIM, they should be able to make a good working browser using their top of the line high paid programmers. This browser was made by open software development teams and Apple Inc had a huge hand in developing this browser. WHAT WERE they thinking when top engineers at RIM approved implementation of this browser? I am a Canadian student and RIM's software engineers are the best paid software engineers in CANADA. Why the hell then these losers at the top cannot develop their own browser?

Just to get a student software engineering position at RIM, they what my GPA to sit above 3.7/4.0 and YET, the they cannot built their own browser. Even IBM Canada hired me with 3.0/4.0 GPA!!!

I think, RIM needs to change its business philosophy. I am thinking about promoting iPhones over BBs. May be I should join Apple with my 3.0 GPA!!!

RIM, you lost me as a customer!

mnemonicj

chill dude. even open sourced, secured, and highly developed software (including linux) has flaws. exploits are commonly uncovered in linux, but they are almost immediately patched to prevent dangers.

mssca

Yes, you are right... Even according to my textbooks, ANY software can be hacked. I am mad at RIM because they turn me down on a student position.

BUT... RIM should stay away from open source stuff because their competition like Apple may use them to attack RIM.

trentoncampbell

3.0 is not that great of a gpa. Most engineering masters programs require no less then a 3.0. Most schools will kick you if you get less then a 2.0. What would RIM take the top 31% of students when they could have the top 4% that get a 3.7.

kcl929

You mad?

Its no wonder they didn't hire you with your exceptional spelling and grammar skills.

vx1

k, makes sense - thanks.

jcastilloalonso

I wonder if the fix will be a hotfix or if it will require a new OS build? One of the reasons I hate OS control for BB are in hands of carriers and not RIM....

datta72

True, carriers won't release it until there's more changes that need to be made, which can take forever.......

djkbb

The official AT&T approved OS update for the 9800 with this hole patched will be out Q4 2013.

phone9

It would be nice if it were as simple as downloading one replacement COD file to install over the existing OS, but have they ever done that before? How else could a hot-fix be done?

Culex316

I agree..the Webkit engine isn't in any COD file but in the radio (.sfi) itself so a whole OS update will be needed.

ignites

wonder if it will be a pb issue... pb is using webkit.....

wizmillso

RIM knows what they're doing, the've been the most secure for a while now. I believe they have this completely under control. They most like know exactly what they're going to do to fix this problem, which I'd like point out is an Apple product flaw and not a RIM product flaw.

boman06210

But that was on a .2xx os, would newer versions have this issue? Or would only new ones released after this was known about?

papped

They never knew about the issue before. So all current OSes and previous OS6 versions will have it.

wizmillso

OS 5 wont have this problem, because it wasn't using Apple's security week WebKit

jasonvw

Glad to see Rims not trying to sweep this under the rug and pretend it never happened. Still want to see how they fix the issue. If it will be a simple patch or a full os upgrade. If its an os upgrade do they force carriers to release it immediately or continue doing what theyre doing and let the carriers decide.

miamimanu86

and cripple my browser... nope!

miamimanu86

and cripple my browser... nope!

ron87#CB

It's already crippled. It's a Blackberry.

sk8er_tor

Do us all a favor and go troll some place else.

black.berry.black

SERIOUSLY NO HATERS ALLOWED HERE!!

JRSCCivic98

Lol, RIM needs to reword that last part as "By disabling Java, you're basically breaking your Crackberry webpage functionality". :p

So let's see, if the bug in WebKit that allows this sort of hack to happen are really Java Script based ones, people with Safari can disable Java on their devices and fix their issues as well. ;)

noTh1ng

This is the most ridicolous solution i have ever heard. If you disable javascript you can stop browsing anyway, cause there wont be much to browse to. Have they thought one second about the browsing experience without js?
This is just plain stupid. Instead of publishing rubbish like that RIM should concentrate on fixing the issue.

lycafe

Well said.

I tried turning off JS but couldn't deal with it when browsing the web... so JS is back on.

daveshiz

wot a load of crap disable javascript and wait on a hot fix ?
so have a shitty browser until rim able to rectify?
come on crackberry i know you are only passing on info
from rim but grow a pair o balls do you really recommend
to all youre loyal followers disable bear with it and rim will sort
come on !!

FlyHigh365

Yeah I'm most definitely not turning off my JS. I browse way too much.

nls

Hotfix? And how they intend to release it? My carrier does not release every fw version, I always hated this way of distribution...

a77boy

Are you guys dumbasses? So a problem was found and RIM is doing what it needs to do to fix it. It's no big deal. Disable java for a few days and your fine. Don't disable it and I'm sure your still gonna be fine. You act like it's the end of the world. Windows has a million security flaws! How often is your shit being stolen and jacked. seriously.... And no they are not gonna write a whole new os and run it through the carriers. A hot fix generally implies that they will post up a file for you to download and execute. Just chill already, use some common sense. You wanted a better browser so rim gives it to you, so this is the price you gotta pay. Not the end of the world.

The Consigliere

One of my favorite quotes is "Common sense isn't so common." This is probably one of those times, I agree with you, it's not the end of the world though I can't really speak on this issue because I'm running 5.0 but it does sound like RIM is on it & doing what they can do fix this issue. They could have done what other companies do & simply deny but no, they've admitted it and seem to be working on fixing this issue. Everyone just needs to relax, here's another quote for ya "the world went & got itself in a big damn hurry."

yacoby54

I would like you to tell me when is the last time that there was an OS "hotfix" where they offered you a file to download to fix a problem?

I am really curious to hear your answer because this has never been done and will never be done with a core function of the BB OS.

It will require an OS upgrade, granted this upgrade may not take 6 months to get approved by the carriers but it still will have to get their approval.

dodger_moore

Well said. It was getting quite painful reading the 'oh noes!!' kneejerk reactions above.

zainalrockyou

@a77boy:I'm a newbie, just got my 9780 a few days ago...I've got a question, where to get the hotfix? Where will RIM post this file you've mentioned that we can download and execute? Thanks...

JonB74

"Just remember, in doing this you'll end up having a less than optimal browsing experience"

BWAHAHAHAHAHA like the BB browsing experience is even close to 'optimal' Too funny