Article

RIM updates BlackBerry Desktop Software to fix ActiveX flaw

SearchSecurity.com Staff

Research In Motion has quietly released an update to its BlackBerry Desktop Manager, fixing an ActiveX vulnerability in the Roxio Media Manager that could be exploited by an attacker to cause a buffer overflow.

RIM uses the media manager to synchronize BlackBerrys and PCs running Microsoft Windows. In its advisory to customers issued Nov. 27, RIM said the flaw could be exploited if a user visits a malicious website that invokes the control. The company urged its customers to upgrade to the latest patch for the BlackBerry Desktop Software version 4.5, 4.6 or 4.7.

The problem is in FLEXnet Connect (acquired by Accresso Software from Macrovision), a software package that allows vendors to provide updates to applications, according to a

    Requires Free Membership to View

vulnerability note issued by the United States Computer Emergency Readiness Team (US-CERT). As a workaround, US-CERT said companies could disable ActiveX controls in the Internet Zone.

RIM also issued recommendations on setting administrative roles in the BlackBerry Enterprise Server. The server's management console allows an administrator to set roles based on a person's job responsibilities.

"Research In Motion (RIM) recommends that the administrative roles in the BlackBerry Manager be used only to group trusted administrators according to the scope of their administrative responsibility, not for an explicit security purpose, such as limiting access to sensitive data," RIM said in a document issued to customers.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: