BlackBerry WebKit Browser Can Be Hacked

March 16, 2011



RIM advises users of BlackBerry devices running BlackBerry OS 6 with the WebKit browser to disable JavaScript in the browser to protect their data, because a hacker can compromise your BlackBerry device and access the data on its memory card through the browser.

RIM explains that there is a weakness in the WebKit browser, but a hacker still cannot access email, contacts, calendar data or applications installed in application memory; only the data on the memory card can be accessed by the hacker.

However, if JavaScript is disabled in the browser, browsing websites will not be as smooth.

Please read the official information from RIM in the BlackBerry knowledge base:

Vulnerability in WebKit browser engine impacts BlackBerry Device Software version 6.0 and later

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 6.8.

Impact
A vulnerability exists in the open source WebKit browser engine provided in BlackBerry Device Software version 6.0 and later. The issue could result in remote code execution on affected BlackBerry smartphones. Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed. A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone. 

Application storage is the only place on a device from which applications can be run. Sections of application storage can store files that a user downloads or saves to device memory. Exploitation of the vulnerability does not allow access to this part of BlackBerry smartphone

Overview

Research In Motion is aware of recent reports of a vulnerability affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry Device Software version 6.0 and later. This security notice communicates the following key facts:

The exploitation of the vulnerability was performed at the Pwn2Own 2011 Contest and is publicly known.

At the time of release of this security notice, the BlackBerry Security Incident Response Team has not received any reports that this vulnerability has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers.

A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.

Recommendation

Follow the available workarounds documented in this security notice.

Exercise caution when clicking on links to untrusted websites in browsers, email or instant messages.

Disable JavaScript use in the BlackBerry Browser

Users of BlackBerry Device Software version 6.0 and later can disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability. The issue is not in JavaScript but the use of JavaScript is necessary to exploit the vulnerability.

Important: Turning off JavaScript may impact the ability to view web pages, or result in a diminished browsing experience.
