RIM Advises OS6 Users To Disable JavaScript In BlackBerry Browser To Prevent Exploit From Executing

At Pwn2Own 2011, three security researchers exploited multiple WebKit vulnerabilities in the BlackBerry Browser found in devices running BlackBerry 6. The trio chained an information disclosure bug to a separate integer overflow flaw in the open-source WebKit to hack the BlackBerry device and steal the contact list and image database.

To prevent the exploit, Research in Motion has issued KB article RIM KB26132, which basically instructs BlackBerry users running the WebKit BlackBerry Browser found in BlackBerry 6 to disable JavaScript until a hotfix to correct the vulnerability is issued. The potential that someone would actually try to get information from your BlackBerry using this exploit is small. The fact that it is possible to do so, however, means that you may want to take precautions to protect your data.

Disabling JavaScript makes the WebKit BlackBerry Browser darn near useless, so individuals need to weigh the pros and cons of disabling JavaScript. Corporate BES administrators can disable JavaScript for all managed BlackBerry devices by using the Disable JavaScript in Browser IT policy rule.

[Source]

  • gquaglia

    The BB is useless with or without JavaScript turned on.