ActiveX insecurity strikes BlackBerry
Microsoft’s often insecure technology called ActiveX strikes again. This time it’s in a BlackBerry application. ZDNet reports:
Research in Motion (RIM) today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.
When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.
An advisory from US-CERT explains that a malicious hacker could use booby-trapped HTML documents or Web pages to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash.
Update: RIM has released a patch.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.