RIM is alerting BlackBerry owners to a security vulnerability in the BlackBerry Application Web Loader when it is used with Internet Explorer. A glitch in the ActiveX control could allow an attacker to execute code remotely or cause Microsoft Internet Explorer to crash.
This can only cause a problem if you use BlackBerry Application Web Loader from Internet Explorer.
The BlackBerry Application Web Loader simplifies the deployment of third-party applications to BlackBerry devices. It provides an additional alternative to the existing over-the-air (OTA) and BlackBerry Desktop Manager methods through an Internet Explorer ActiveX control.
When a BlackBerry smartphone user browses to a website that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks ‘Yes’ to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.
The solution is to install a version of the BlackBerry Application Web Loader that does not include the vulnerability:
- Visit http://na.blackberry.com/eng/developers/javaappdev/devtools.jsp.
- Click the link to download the BlackBerry Application Web Loader v1.1.
- Complete the installation wizard.
Microsoft also issued a warning. IBM reports that ActiveX controls accounted for 46% of all browser-related vulnerabilities in 2008, and 66% of browser-related vulnerabilities designated “critical” or “high.”
Note: The BlackBerry Application Web Loader requires users to have Windows 2000/XP, running Internet Explorer v5.0 or greater, ActiveX v8.0 or newer, and users must have BlackBerry USB drivers installed.