BlackBerry Vulnerability Warning for Internet Explorer Active on BlackBerry Smartphones

By Contributor Wireless and Mobile News on February 11, 2009 11:51 AM

RIM is alerting BlackBerry owners to a security flaw/vulnerability in the BlackBerry Application Web Loader with Internet Explorer. A gitch in the ActiveX control could allow an attacker to execute code remotely or cause Microsoft Internet Explorer to crash.

This can only cause a problem if you use BlackBerry Application Web Loader from Internet Explorer.

The BlackBerry Application Web Loader simplifies the deployment of third party applications to BlackBerry devices. It provides an additional alternative to existing over-the-air (OTA) and BlackBerry Desktop Manager methods through Internet Explorer ActiveX control.

When a BlackBerry smartphone user browses to a website that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks ‘Yes’ to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.

The solution is to install a version of the BlackBerry Application Web Loader that does not include the vulnerability. Here’s the solution

Visit http://na.blackberry.com/eng/developers/javaappdev/devtools.jsp.
Click the link to download the BlackBerry Application Web Loader v1.1.
Complete the installation wizard.

Microsoft also issued a warning. IBM reports that ActiveX controls accounted for 46% of all browser-related vulnerabilities s in 2008, and 66% of browser-related vulnerabilities designated “critical” or “high.”

Note: The BlackBerry Application Web Loader requires users to have Windows 2000/XP, running Internet Explorer v5.0 or greater, ActiveX v8.0 or newer, and users must have BlackBerry USB drivers installed.

BlackBerry Storm Apps Page.

BlackBerry Storm Links Page.