BlackBerry Vulnerability – Disable Java

Research in Motion is advising Blackberry users to disable Javascript as a work-around for a security vulnerability in its web browser.  An issue with the browser rendering engine, WebKit, provided in Blackberry Device Software version 6.0 and later, could allow a hacker to gain access to user data stored on media cards and media storage.  The issue could result in remote code execution on affected BlackBerry smartphones, requiring the user to browse to a website that the attacker has maliciously designed.

The security vulnerability was exposed at this year’s CanSecWest Pwn2Own contest, where hackers were able to retrieve contact list information and image files from a Blackberry Torch 9800.  Affected Blackberry devices include Bold 9650, 9700 and 9780; Curve 9300; Pearl 9100, Style 9670 and Torch 9800.

Turning off Javascript may affect the overall browsing experience and the ability to view some web pages, but RIM reassures users that data in e-mail, calendar and the contact applications store in application storage is not at risk.

How to disable Javascript.  (Blackberry Enterprise Server administrators can turn off JavaScript using the ‘Disable JavaScript in Browser’ IT policy rule.)