BlackBerry Vulnerability
Research In Motion (RIM) has released details of a vulnerability that exists in their implementation of Microsoft’s CryptoAPI in the default BlackBerry browser application. The vulnerable API could allow an attacker to trick a user into following a link to a malicious website, under the premise that the site is legitimate. Specifically, the vulnerable API could allow the attacker to craft an SSL certificate that contains null characters, tricking the browser into not alerting the user to the fact that the site they are being directed to is not the legitimate website. All BlackBerry Device Software versions, containing the BlackBerry Browser, Internet Browser, WAP Browser, and Wi-Fi (Hotspot) browser are affected and should be updated to the most current version. For complete details of the vulnerability, click here.
