RIM updates BlackBerry Desktop Software to fix ActiveX flaw

The latest update for BlackBerry Desktop Software includes a fix to an ActiveX vulnerability located in a tool used to synchronize BlackBerrrys and PCs running Microsoft Windows.

Research In Motion has quietly released an update to its BlackBerry Desktop Manager, fixing an ActiveX vulnerability...

in the Roxio Media Manager that could be exploited by an attacker to cause a buffer overflow.

RIM uses the media manager to synchronize BlackBerrys and PCs running Microsoft Windows. In its advisory to customers issued Nov. 27, RIM said the flaw could be exploited if a user visits a malicious website that invokes the control. The company urged its customers to upgrade to the latest patch for the BlackBerry Desktop Software version 4.5, 4.6 or 4.7.

The problem is in FLEXnet Connect (acquired by Accresso Software from Macrovision), a software package that allows vendors to provide updates to applications, according to a vulnerability note issued by the United States Computer Emergency Readiness Team (US-CERT). As a workaround, US-CERT said companies could disable ActiveX controls in the Internet Zone.

RIM also issued recommendations on setting administrative roles in the BlackBerry Enterprise Server. The server's management console allows an administrator to set roles based on a person's job responsibilities.

"Research In Motion (RIM) recommends that the administrative roles in the BlackBerry Manager be used only to group trusted administrators according to the scope of their administrative responsibility, not for an explicit security purpose, such as limiting access to sensitive data," RIM said in a document issued to customers.

Dig Deeper on Handheld and Mobile Device Security Best Practices



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: