Date: 13 October 2011
References: ESB-2011.0298 ESB-2011.0439 ESB-2011.0440 ESB-2011.0443
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.1029
Vulnerabilities in WebKit browser engine impact BlackBerry 6
13 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BlackBerry Bold 9650 smartphone
BlackBerry Bold 9700 smartphone
BlackBerry Bold 9780 smartphone
BlackBerry Curve 9300 Series
BlackBerry Pearl 9100 Series
BlackBerry Style 9670 smartphone
BlackBerry Torch 9800 smartphone
Publisher: RIM
Operating System: BlackBerry Device
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-1290
Reference: ESB-2011.0443
ESB-2011.0440
ESB-2011.0439
ESB-2011.0298
Original Bulletin:
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132
- --------------------------BEGIN INCLUDED TEXT--------------------
Vulnerabilities in WebKit browser engine impact BlackBerry 6
Article ID: KB26132
Type: Security Advisory
First Published: 10-11-2011
Last Modified: 10-11-2011
Product(s) Affected:
BlackBerry Bold 9650 smartphone
BlackBerry Bold 9700 smartphone
BlackBerry Bold 9780 smartphone
BlackBerry Curve 9300 Series
BlackBerry Pearl 9100 Series
BlackBerry Style 9670 smartphone
BlackBerry Torch 9800 smartphone
Products
Affected Software
BlackBerry smartphones running BlackBerry 6 software
Non Affected Software
BlackBerry Device Software versions earlier than 6.0
BlackBerry 7 and later
BlackBerry Enterprise Server
BlackBerry Internet Service
BlackBerry Desktop Manager
BlackBerry Mobile Voice System
Issue Severity
These three vulnerabilities have a maximum Common Vulnerability Scoring
System (CVSS) score of 6.8. See the Reference section below for details of
the CVSS score and impact for each vulnerability.
Overview
This security advisory addresses three specific vulnerabilities affecting
the implementation of open source WebKit technology in the BlackBerry Browser
in BlackBerry 6. Successful exploitation of the vulnerabilities requires the
BlackBerry smartphone user to browse to a website that the attacker has
maliciously designed. A successful attack could result in remote code execution
(RCE) on a smartphone running BlackBerry 6. An attacker exploiting these
vulnerabilities could read or write to the built-in media storage section of a
BlackBerry smartphone or to the media card but could not access user data that
the email, calendar, and contact applications store in the application storage
(the internal file system that stores application data and user data) of the
BlackBerry smartphone.
The most severe of the three vulnerabilities has a CVSS score of 6.8. The least
severe has a CVSS score of 5.0.
At this time there is no evidence of the vulnerabilities being used in attacks
against the BlackBerry platform, and RIM is not aware of any impact to
BlackBerry customers as a result of these vulnerabilities.
Note: KB26132 was previously published as a Security Notice to responsibly
advise customers about the existence of one of the three vulnerabilities, which
had been publicly disclosed, and provide workaround options in lieu of a
software update to address that issue for all affected customers. This Security
Advisory replaces that Security Notice and provides full details of publicly
available software updates that address that issue and two related issues, and
urges affected customers to upgrade.
Problem
Successful exploitation of the vulnerabilities requires the BlackBerry
smartphone user to browse to a website that the attacker has maliciously
designed. The website could be an otherwise legitimate website that the
attacker has compromised. An example of a website that could be compromised is
a site that accepts or hosts user-provided HTML content or advertisements.
Best practices
Exercise caution when clicking on links to untrusted websites in browsers,
email or instant messages.
Resolution
RIM has issued the following updates that resolve these vulnerabilities in
BlackBerry 6. RIM recommends that all affected users apply the available
software updates below to fully protect their BlackBerry smartphones.
To check whether one of the updates listed below is available for your BlackBerry
Device Software, visit http://www.blackberry.com/updates/ or connect your BlackBerry
smartphone to your BlackBerry Desktop Software, which checks for updates
automatically.
Note: If http://www.blackberry.com/updates/ or your BlackBerry Desktop Software
reports that your software is up to date but your smartphone is running a software
applications version earlier than the one listed below for its model, contact your
wireless service provider to request the listed update.
BlackBerry smartphone model            Software applications version to update to
BlackBerry Bold 9650 smartphone        Version 6.0.0.522 (bundle 2321) or later
BlackBerry Curve 9330 smartphone       Version 6.0.0.522 (bundle 2321) or later
BlackBerry Style 9670 smartphone       Version 6.0.0.522 (bundle 2321) or later
BlackBerry Bold 9700 smartphone        Version 6.0.0.526 (bundle 2342) or later
BlackBerry Bold 9780 smartphone        Version 6.0.0.526 (bundle 2342) or later
BlackBerry Curve 9300 smartphone       Version 6.0.0.526 (bundle 2342) or later
BlackBerry Torch 9800 smartphone       Version 6.0.0.526 (bundle 2342) or later
BlackBerry Pearl 9100 smartphone       Version 6.0.0.526 (bundle 2343) or later
BlackBerry Pearl 9105 smartphone       Version 6.0.0.526 (bundle 2343) or later
Note: BlackBerry Bold 9788 smartphone users do not need to update their
BlackBerry Device Software to be protected against these issues. The
BlackBerry Bold 9788 smartphone minimum software version when shipped is
Version 6.0.0.595 (bundle 2623) or later, which already includes the update
for these issues.
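For a fleet rather than a single handset, the check above is usually run against an
inventory export from a device-management system. The script below is an added
example written for this bulletin, not code from RIM or AusCERT: it transcribes the
per-model minimum versions from the update table above, parses version strings in
the form the table uses ("Version 6.0.0.522 (bundle 2321)"), and classifies each
device as not affected (Device Software earlier than 6.0 or BlackBerry 7 and later),
patched, vulnerable, or needing manual review (a BlackBerry 6 model the table does
not list, such as the Bold 9788, which the note above says shipped already fixed).
The inventory records are constructed sample data, and the assumption that a
version string can be compared purely numerically is the example's own.

```python
"""Triage a device inventory against the KB26132 update table (BlackBerry 6 WebKit)."""
import re
from typing import Dict, List, Tuple

# Minimum fixed "software applications" versions per model, transcribed from the
# advisory's update table. A device at this version or later is protected.
FIXED_VERSIONS: Dict[str, str] = {
    "Bold 9650": "6.0.0.522",
    "Curve 9330": "6.0.0.522",
    "Style 9670": "6.0.0.522",
    "Bold 9700": "6.0.0.526",
    "Bold 9780": "6.0.0.526",
    "Curve 9300": "6.0.0.526",
    "Torch 9800": "6.0.0.526",
    "Pearl 9100": "6.0.0.526",
    "Pearl 9105": "6.0.0.526",
}

# Accepts "6.0.0.522", "Version 6.0.0.522" and "Version 6.0.0.522 (bundle 2321)".
# The bundle number is not part of the comparison (assumption of this example).
_VERSION_RE = re.compile(
    r"^(?:Version\s+)?(\d+(?:\.\d+)*)(?:\s*\(bundle\s+\d+\))?$", re.IGNORECASE
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the dotted version as a tuple of ints so it compares numerically.

    Tuples give 6.0.0.1000 > 6.0.0.526; a plain string comparison would rank
    "6.0.0.1000" below "6.0.0.526" because '1' sorts before '5'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(model: str, version: str) -> str:
    """Classify one device: 'not_affected', 'patched', 'vulnerable' or 'review'."""
    v = parse_version(version)
    major = v[0]
    # Only BlackBerry 6 is affected: earlier than 6.0, and 7 and later, are out of scope.
    if major < 6 or major >= 7:
        return "not_affected"
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        # A BlackBerry 6 model the table does not list (e.g. Bold 9788): check by hand.
        return "review"
    return "patched" if v >= parse_version(fixed) else "vulnerable"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (model, version) records by status for a remediation report."""
    buckets: Dict[str, List[str]] = {
        "vulnerable": [], "patched": [], "not_affected": [], "review": []
    }
    for model, version in inventory:
        buckets[assess(model, version)].append(f"{model} @ {version}")
    return buckets


# Constructed sample inventory; these are not real device records.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("Bold 9650", "Version 6.0.0.522 (bundle 2321)"),  # exactly at the fixed version
    ("Bold 9700", "6.0.0.522"),   # fixed for the 9650, still below 6.0.0.526 for the 9700
    ("Curve 9300", "6.0.0.500"),  # below the fixed version
    ("Torch 9800", "5.0.0.1000"), # Device Software earlier than 6.0
    ("Bold 9780", "7.0.0.100"),   # BlackBerry 7
    ("Bold 9788", "6.0.0.595"),   # not in the table; advisory says shipped fixed
]

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {devices}")
```

The per-model thresholds matter: the same version string 6.0.0.522 is patched on a
Bold 9650 but still vulnerable on a Bold 9700, so a single fleet-wide minimum would
misreport devices.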
Acknowledgements
RIM acknowledges the following security researchers for reporting CVE-2011-1290
to RIM: Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers (reported
via TippingPoint and the Zero Day Initiative).
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----