Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.
US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks:
- Exercise caution when accessing untrusted websites in browsers, email messages, or instant messages.
- Disable the use of JavaScript in the BlackBerry Browser or Disable the BlackBerry Browser as suggested in BlackBerry security notice KB26132.
Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available.
This product is provided subject to this Notification and this Privacy & Use policy.