Join Our 3 MILLION+ Members Today! Register Here | Login
 
 
 
 
 
 
Home»BlackBerry News»News & Rumors

RIM Warns About BlackBerry Browser Bug, Recommends Updating To Newer OS Versions Not Yet Released?

by Bla1ze on 29 Sep 2009 08:54 PM
16
 
RIM Warns About BlackBerry Browser Bug, Recommends Updating To Newer OS Versions Not Yet Released?

Al Sacco over at CIO was advised today from a Twitter friend that RIM had posted some information regarding a security concern within their BlackBerry browser. The issue at hand here is how the BlackBerry browser handles server certificates and it's method of reading null characters. To put it simply, hackers can make a site appear to be legit, in all reality it's leading you to somewhere else where you could possibly be inputting personal information. Think of Paypal being redirected to a site that looks like Paypal asking you to login, thus supplying your login and password to a unknown site.

The offical statement from the RIM knowledge base reads:

Overview

This advisory relates to a BlackBerry® Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name.

Issue Severity: This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 6.8.

Issue Status: Vulnerability confirmed. Check for software containing the security update based on your wireless service provider. For more information, see the Resolution section.

Recommendation: Complete the resolution actions documented in this advisory.

Mitigation: RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages. If a user visits a site that causes a BlackBerry Browser dialog box to warn the user about continuing the connection, the user should select Close connection.

Now, while the security is a concern RIM's suggestions and path of action really is not the best. As pointed out by Al, some of the updates they are suggesting are not even available for users to download as of yet. This is due to the way RIM OS updates are released, having to pass carrier approval before release. Until the updates actually hit carriers and are released, it's just simply suggested that you close any website in which you see that looks similar to the screenshot provided but clearly RIM will need to address this further at the carrier level to ensure users are not left with this problem again.

Filed Under: News & Rumors;
Send to a Friend
 
Login or Register to post comments

16 Comments

Posted by cinsu Tuesday, Sep 29, 2009 968 days ago

Maybe they are just hinting at the imminent release to occur overnight????

 
 
Posted by Ravenell Tuesday, Sep 29, 2009 968 days ago

Now that's wishful thinking.

 
 
Posted by nedqadams Tuesday, Sep 29, 2009 968 days ago

When I updated to the "full" 230 this afternoon I was prompted to by DM to install a full update to BB Core 4.7 OS. I was previously on the "partial" .230 leak so I'm not sure why it thought a 4.7 update would be newer.

I didn't check to see what the actual os was though.

 
 
Posted by storm83 Tuesday, Sep 29, 2009 968 days ago

Let's hope so. I'm hoping 5.0 comes out this weekend.

 
 
Posted by codemaker Tuesday, Sep 29, 2009 968 days ago

I hope this release fixes the bugs in the .169 8830 release.

 
 
Posted by DFL Tuesday, Sep 29, 2009 968 days ago

I think it's coming pretty soon

 
 
Posted by tmp3150 Tuesday, Sep 29, 2009 968 days ago

Perhaps another leak will be arriving.

 
 
Posted by gtstang462002 Tuesday, Sep 29, 2009 968 days ago

There has been a leak for just about every phone this week hasn't there. ;)

 
 
Posted by trucksmoveamerica Wednesday, Sep 30, 2009 968 days ago

Which leads me to think there will be an official soon from even slow verizon. And with this out and about, I think verizon will move a little faster. I will give verizon credit, they are concerned about their customers privacy, and this could move them to release and work on bugs later. besidse, most of the bugs on .230 is app related..

 
 
Posted by CeluGeek Wednesday, Sep 30, 2009 968 days ago

... if T-Mobile releases a 4.6 update for the 8900 that fixes this issue plus the UMA mess that is their current build .231.

 
 
Posted by johnnywoods Wednesday, Sep 30, 2009 968 days ago

Horrible grammar in that last paragraph.

 
 
Posted by Retrokid223 Wednesday, Sep 30, 2009 968 days ago

Wow this is very shocking lol i downloaded .230 last night and downgraded it because i noticed alot of bugs with it

 
 
Posted by johnnyboyya Wednesday, Sep 30, 2009 967 days ago

I upgraded my .230 and its been perfect for me better then all and even the .167 i love this version :) have not noticed any bugs exept pandora sometimes stops the song at the end and u have to skip it but who cares :)

 
 
Posted by cj100570 Wednesday, Sep 30, 2009 967 days ago

RIM needs to take the Apple approach and release updates through Desktop Manager. I got a number of those warnings while I was running the 4.7 spins on my Storm but I haven't seen them while surfing to the same sites on 5.0.0.230. Thank goodness for leaks.

 
 
Posted by VZWRocka Wednesday, Sep 30, 2009 967 days ago

that wouldn't really help anything. It's the carrier that decides what updates to release, not RIM, reguardless of the method of delivery (OTA, DM, or download). In fact if they were to switch to that method it would just make it that much harder to install other carrer's official updates.

 
 
Posted by jmiles3bb Thursday, Oct 01, 2009 967 days ago

I misplaced my cable to connect my BB to my PC. I finally decided to update to 5.0 and now the update is just sitting there :(