January 13, 2011, 2:51PM

RIM Patches Bug in BlackBerry Device Software

A denial-of-service flaw in the popular BlackBerry devices could cause the browser on a vulnerable device to hang and then crash if the user visits a malicious Web site.

The vulnerability in the BlackBerry software is a relatively low-risk one, as it won't result in remote code execution on vulnerable devices. Instead, if a user visits a site that has specially designed malicious code on it, the BlackBerry's browser will hang for a short time and then terminate, according to a bulletin from Research In Motion.

"This advisory relates to a BlackBerry Device Software vulnerability that could allow an attacker to maliciously craft a web page such that, when the BlackBerry device user views the page on a device running the affected BlackBerry Device Software, the browser application becomes unresponsive. The BlackBerry device subsequently terminates the browser, and the browser eventually restarts and displays an error message. Successful exploitation of this issue relies on the user viewing the maliciously crafted web page on a device running the affected BlackBerry Device Software. The impact is limited to a partial Denial of Service (DoS) in the browser application in use on the BlackBerry device," RIM said.

The bug affects BlackBerry software earlier than 6.0 running on a variety of devices, including the Curve, Storm and Bold. RIM also released a fix this week for a vulnerability in the company's BlackBerry Enterprise Server software that could result in remote code execution.

Copyright © 2012 threatpost.com