RIM Warns About BlackBerry Browser Bug, Recommends Updating To OS Versions Yet To Be Released By Carriers

Posted by Mauricio on Sep 29, 2009 at 11:56 AM

[Image: BBFlaw 1]

My buddy @ASacco found out through RIM’s online security advisory that there is currently a bug in the BlackBerry Browser that leaves users open to phishing attacks when they are prompted about website certificates.

“This advisory relates to a BlackBerry Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name.”
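The display problem the advisory describes can be avoided by escaping invisible characters before a name is shown to the user. The sketch below is an added example, not RIM's code or its fix: the function names and sample host names are constructed for illustration, and it goes slightly beyond null characters to cover other control, format and whitespace characters that render as nothing.

```python
import unicodedata

# Unicode categories that render as nothing or as blank space in most UIs:
# Cc = control (includes NUL), Cf = format (zero-width, bidi), Z* = separators.
HIDDEN_CATEGORIES = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def hidden_chars(name):
    """Return [(index, 'U+XXXX'), ...] for every hidden character in name."""
    return [
        (i, "U+%04X" % ord(ch))
        for i, ch in enumerate(name)
        if unicodedata.category(ch) in HIDDEN_CATEGORIES
    ]


def visible(name):
    """Render name with each hidden character replaced by a <U+XXXX> marker."""
    return "".join(
        "<U+%04X>" % ord(ch)
        if unicodedata.category(ch) in HIDDEN_CATEGORIES
        else ch
        for ch in name
    )


def mismatch_report(site_name, cert_name):
    """Build the text a certificate-mismatch dialog could show.

    Exact, case-insensitive comparison only (wildcard certificates are out of
    scope for this sketch). Returns None when the names match cleanly.
    """
    if site_name.lower() == cert_name.lower() and not hidden_chars(site_name):
        return None
    lines = [
        "Site name:        " + visible(site_name),
        "Certificate name: " + visible(cert_name),
    ]
    for label, name in (("site", site_name), ("certificate", cert_name)):
        found = hidden_chars(name)
        if found:
            where = ", ".join("%s at position %d" % (cp, i) for i, cp in found)
            lines.append("Hidden characters in %s name: %s" % (label, where))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: a NUL and a zero-width space hidden in the site name.
    print(mismatch_report("www.example.com\x00.te\u200bst.invalid", "www.example.com"))
```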

Apparently RIM has already issued OS updates to various carriers that should fix this problem, but the carriers have yet to release them. Here’s a list of the software versions you should be running in order to avoid getting exposed to the bug:

  • BlackBerry Device Software v4.5.0.x to v4.5.0.173 or later
  • BlackBerry Device Software v4.6.0.x to v4.6.0.303 or later
  • BlackBerry Device Software v4.6.1.x to v4.6.1.309 or later
  • BlackBerry Device Software v4.7.0.x to v4.7.0.179 or later
  • BlackBerry Device Software v4.7.1.x to v4.7.1.57 or later

Where the heck are these updates and why haven’t they been released yet?

Until these updates are made available by your carrier (or another), RIM says you should be wary about clicking unknown links in SMS or email messages, even if they are from a trusted source. In addition (according to RIM), you should immediately close any dialog box or prompt that resembles the one in the image above to avoid getting exposed to phishing.

Have you seen a prompt like this before and think you were exposed to the threat? Let me know in the comments!

via CIO
