BlackBerry bitten by ActiveX control flaw

Research in Motion (RIM) today raised an alarm over a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.

  • When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.

An advisory from US-CERT explains that a malicious hacker could use booby-trapped HTML documents or Web pages to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.

To fix this issue, install the updated version of the BlackBerry Application Web Loader:

  1. Click the link to download the BlackBerry Application Web Loader v1.1.
  2. Complete the installation wizard.

Separately, Microsoft provided an update rollup for ActiveX kill bits that covers this BlackBerry issue and two other ActiveX control vulnerabilities.

[Source: zdnet]