We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

New Security Flaws ID'd in BlackBerry 6 OS, Enterprise IM Apps

It's been more than two months since Research In Motion (RIM) reported a BlackBerry smartphone or BlackBerry Enterprise Server (BES) security flaw, but the Canadian company has announced a handful of recently discovered vulnerabilities in its BlackBerry 6 handheld OS and BES for IBM Lotus Notes and Microsoft Exchange. BlackBerry Torch 9800 with Padlock (Image Credit: Brian Sacco)

First, RIM reports that three newly discovered vulnerabilities in the BlackBerry 6 Webkit browser could allow a hacker to access and/or modify data stored within a BlackBerry 6 smartphone's internal storage, as well as on its external media card.

From RIM:

"Successful exploitation of the vulnerabilities requires the BlackBerry smartphone user to browse to a website that the attacker has maliciously designed. A successful attack could result in remote code execution (RCE) on a smartphone running BlackBerry 6. An attacker exploiting these vulnerabilities could read or write to the built-in media storage section of a BlackBerry smartphone or to the media card but could not access user data that the email, calendar, and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone."

The flaws affect a number of BlackBerry smartphones running the BlackBerry 6 OS, including the Bold 9650, Bold 9700, Bold 9780, Curve 9300, Pearl 9100, Style 9670, and Torch 9800 handhelds.

RIM recommends updating your BlackBerry 6 smartphone's OS to v6.0.0.522 for the Bold 9650, Curve 9330 smartphone, and Style 9670 smartphones; and to v6.0.0.566 for the remaining affected devices. However, some wireless carriers have not yet released these software builds, so RIM recommends contacting your carrier and requesting the appropriate software if it's not yet available to you. (Find more details on RIM's security advisory page.)

Secondly, RIM reports a new BES flaw that could affect organizations that employ Microsoft's Office Communications Server (OCS) 2007 R2 and/or the Microsoft Lync Server 2010 BlackBerry IM Client with certain versions of RIM's BES for Lotus Notes and BES for Microsoft Exchange.

From RIM:

"A vulnerability exists in the BlackBerry Collaboration Service component of the affected versions of the BlackBerry Enterprise Server. Successful exploitation of this vulnerability would allow a potentially malicious BlackBerry device user within an organization to log into the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the organization. This would allow the potentially malicious user to send messages as the legitimate user and receive messages sent to the legitimate user, as well as prevent the legitimate user from accessing the BlackBerry Collaboration Service. This would also allow the potentially malicious user to access the legitimate user's enterprise instant messaging contact list."

To address the issue, RIM released new security updates for BES in the form of a BES 5.0.3 maintenance release 4 (MR4) software update. Both BES updates can be downloaded from RIM's server downloads page. (Find more specifics on this new BES flaw on RIM's security advisory page.)


Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Al at [email protected]

Read more about mobile/wireless in CIO's Mobile/Wireless Drilldown.

IDG UK Sites

BT returns to mobile market with best 4G SIM-only deals in the UK: Amazing half-price deals for BT...

IDG UK Sites

The real danger of AI isn't killer robots, but that one might steal your job

IDG UK Sites

Get Renderman free: Pixar releases a free version for non-commercial projects

IDG UK Sites

iPhone 7 release date rumours, new features and images: More RAM and an Apple SIM, but better...