Tuesday, February 10, 2009

BlackBerry Bitten by ActiveX Control Flaw

Ryan Naraine writes on the ZDNet "Zero day" Blog:

Research in Motion (RIM) today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.

When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.

An advisory from US-CERT explains that a malicious hacker could use booby-trapped HTML documents or Web pages to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

More here.


Post a Comment

<< Home