Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.
US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks:
- Exercise caution when accessing untrusted websites in browsers, email messages, or instant messages.