FYI...

RIM releases advisory for BlackBerry PDF Distiller vulns - updates available
- http://www.us-cert.gov/current/index.html#...leases_advisory
April 20, 2009

* http://www.blackberry.com/btsc/search.do?c...ernalId=KB17953
"Overview... For the convenience of affected customers, the fixes for KB15766 and KB17118 are included in the software update provided for the new vulnerabilities described in this security advisory. Customers affected by the issues described in this advisory should also review KB15766 and KB17118 to review how they are protected from the vulnerability described in that advisory after applying either the updates provided in KB15766 and KB17118, or the one provided in this advisory...
Resolution: RIM has issued an interim security software update that resolves this vulnerability in affected versions of the BlackBerry Enterprise Server software and BlackBerry Professional Software.
For BlackBerry Enterprise Server
• Visit http://www.blackberry.com/go/serverdownloads to download and install Interim Security Software Update 3 for affected BlackBerry Enterprise Server software versions.
OR
• For BlackBerry Enterprise Server for Microsoft Exchange or Lotus Domino, visit http://www.blackberry.com/go/serverdownloads to download and install version 4.1.6 MR5 or later.
• For BlackBerry Professional Software
Visit http://na.blackberry.com/eng/support/downl...ab_professional to obtain Interim Security Software Update 3 for affected BlackBerry Professional Software versions..."

- http://www.blackberry.com/btsc/search.do?c...ernalId=KB15766
- http://www.blackberry.com/btsc/search.do?c...ernalId=KB17118



This post has been edited by AplusWebMaster: Oct 2 2009, 08:43 AM

FYI...

BlackBerry security advisory...
- http://www.us-cert.gov/current/#research_i...leases_security
October 1, 2009 - "Research in Motion has released a security advisory* to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site. US-CERT encourages users to review the BlackBerry security advisory KB19552* and apply any necessary updates**."
* http://www.blackberry.com/btsc/search.do?c...ernalId=KB19552
09/30/09 - "... RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages. If a user visits a site that causes a BlackBerry browser dialog box to warn the user about continuing the connection, the user should select Close connection..."
** http://na.blackberry.com/eng/update/
Last Modified : 09-30-2009

BlackBerry Security
- http://na.blackberry.com/eng/ataglance/security/news.jsp



This post has been edited by AplusWebMaster: Oct 6 2009, 05:13 PM

FYI...

Vulnerability in the BlackBerry Desktop Manager allows remote code execution
- http://www.blackberry.com/btsc/search.do?c...ernalId=KB19701
November 3, 2009
Overview: This advisory relates to a vulnerability in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager may use. This vulnerability may allow a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. If the legitimate (logged in) user clicks a link to a malicious web site (for example, in an email message, in a browser, or an instant message) on the computer that is running the BlackBerry Desktop Manager, a vulnerability in an Intellisync component could allow the malicious user who sent the link or created the malicious web site to execute code on the computer using the privileges of the legitimate user.
Note: The affected Lotus Notes Intellisync DLL is included by default in all BlackBerry Desktop Manager installations. This vulnerability exists whether or not the DLL is used after installation...

- http://secunia.com/advisories/37244/2/
Release Date: 2009-11-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: BlackBerry Desktop Software 3.x, BlackBerry Desktop Software 4.x, BlackBerry Desktop Software 5.x ...
Solution: Update to version 5.0.1* ...

* https://www.blackberry.com/Downloads/entry....B93E4F3BB068C22
( Note: If you did not purchase BlackBerry directly from Research In Motion (RIM), please contact your service provider to determine if this software has been authorized for use with your handheld... )

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0306



This post has been edited by AplusWebMaster: Nov 5 2009, 04:27 PM