BlackBerry Security Notices

BlackBerry Security Notices - All http://www.blackberry.com/btsc Latest published articles from the BlackBerry Technical Solution Center en-us 60 Thu, 09 Feb 2012 16:14:03 EST RIM's response to reports of applications developed by Carrier IQ RIM is investigating reports regarding Carrier IQ applications and understands that customers may have privacy concerns related to these applications. RIM does not... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB29256&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB29256 Fri, 20 Jan 2012 00:00:00 EST Elevation of privilege vulnerability in file sharing capability impacts the BlackBerry PlayBook tablet software BlackBerry® PlayBook™ tablet software version 1.0.8.4985 and earlier BlackBerry PlayBook tablet software version 1.0.8.6067 or... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB29191&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB29191 Thu, 19 Jan 2012 00:00:00 EST Vulnerability in the security of BlackBerry device backups using the BlackBerry Desktop Software · BlackBerry® Desktop Software 4.7 (PC OS) · BlackBerry® Desktop Software 5.0 (PC OS) · BlackBerry® Desktop Software 6.0 (PC OS) · BlackBerry®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB24764&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB24764 Tue, 03 Jan 2012 00:00:00 EST BlackBerry browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates Research In Motion (RIM) has tested the following software to determine which versions or editions are affected by... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB19552&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB19552 Mon, 12 Dec 2011 00:00:00 EST Vulnerabilities in WebKit browser engine impact BlackBerry 6 · BlackBerry® 6 software · BlackBerry Device Software versions earlier than 6.0 · BlackBerry® 7 and later · BlackBerry® Enterprise Server · BlackBerry® Internet Service ·... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB26132&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB26132 Mon, 12 Dec 2011 00:00:00 EST Vulnerability in a component of the BlackBerry Enterprise Server could allow one enterprise instant messaging user to impersonate another This vulnerability affects the BlackBerry® Collaboration Service component of the following software... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB28524&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB28524 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet Adobe® Flash® Player versions included with BlackBerry® PlayBook™ tablet software versions 1.0.7.2942 and earlier. BlackBerry PlayBook tablet... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB28400&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB28400 Fri, 20 Jan 2012 00:00:00 EST Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution The issue affects the following software versions: · BlackBerry® Enterprise Server version 5.0.3 MR2 and earlier for Microsoft... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB27244&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB27244 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service This issue affects the BlackBerry® Administration Application Programming Interface (API) component within the... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB27258&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB27258 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software Adobe® Flash® Player versions included with BlackBerry® PlayBook™ tablet software versions 1.0.5.2342 and earlier. BlackBerry PlayBook... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB27365&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB27365 Fri, 20 Jan 2012 00:00:00 EST Vulnerability in Adobe Flash Player version included with the BlackBerry PlayBook tablet software · Adobe® Flash® Player versions included with the BlackBerry® PlayBook™ tablet software versions 1.0.5.2304 and earlier · BlackBerry PlayBook... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB27240&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB27240 Fri, 20 Jan 2012 00:00:00 EST Cross-site scripting (XSS) vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server This issue affects the BlackBerry Web Desktop Manager component of the following software versions: · BlackBerry... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB26296&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB26296 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in Apache Tomcat implementation impact BlackBerry Enterprise Server components These issues affect the following software versions: · BlackBerry Enterprise Server Express versions 5.0.1 through 5.0.2 MR1 for Microsoft... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB25966&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB25966 Wed, 02 Nov 2011 00:00:00 EDT Partial Denial of Service (DoS) in the BlackBerry browser application The issue affects the BlackBerry browser application of the following software versions: · BlackBerry® Device Software versions earlier than 6.0.0 · BlackBerry® Desktop... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB24841&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB24841 Wed, 26 Jan 2011 00:00:00 EST Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server This issue affects the BlackBerry® Attachment Service component of the following software versions: · BlackBerry Enterprise Server... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB25382&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB25382 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server The issue affects the BlackBerry® Attachment Service component of the following software versions: · BlackBerry Enterprise Server... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB24761&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB24761 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server The issue affects the BlackBerry® Attachment Service component of the following software versions: · BlackBerry Enterprise Server... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB24547&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB24547 Wed, 02 Nov 2011 00:00:00 EDT Insecure library loading in the BlackBerry Desktop Software · BlackBerry® Desktop Software (all versions) for PC · BlackBerry® Desktop Software (all versions) for Mac No. This vulnerability has a Common Vulnerability Scoring System (CVSS)... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB24242&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB24242 Wed, 02 Nov 2011 00:00:00 EDT SIP INVITE vulnerability in From field format string on the BlackBerry 7270 smartphone · BlackBerry® 7270 smartphone · BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier This vulnerability has a Common Vulnerability... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB12700&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB12700 Mon, 19 Sep 2011 00:00:00 EDT Updating an ActiveX control that the Roxio Media Manager uses No. This issue is in a third-party component. RIM has therefore not assigned a severity. This article is in reference to US-CERT Advisory VU# 524681.       The BlackBerry Desktop... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB16469&sliceID=2&command=show&forward=nonthreadedKC&kcId=KB16469 Wed, 02 Nov 2011 00:00:00 EDT Browser dialog box not properly dismissed after downloading a corrupt JAD file · BlackBerry® smartphones · BlackBerry® Device Software 4.0.1 and earlier Yes. Not assigned. An issue in the BlackBerry Device Software where a browser dialog... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04755&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04755 Thu, 28 Apr 2011 00:00:00 EDT Temporary Denial of Service in the BlackBerry Browser · BlackBerry® devices · BlackBerry® Device Software version 4.2 and earlier   Yes. This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 1.9. A Denial of... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB12577&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB12577 Thu, 04 Aug 2011 00:00:00 EDT SIP INVITE URI user name format string vulnerability in the BlackBerry 7270 smartphone · BlackBerry® 7270 smartphone · BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier Yes. This vulnerability has a Common Vulnerability... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB12707&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB12707 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability in the BlackBerry Desktop Manager allows remote code execution · BlackBerry Desktop Software version 5.0 and earlier (on all platforms), IBM® Lotus Notes® Intellisync® functionality · BlackBerry® Device Software · BlackBerry®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB19701&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB19701 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite · BlackBerry® Unite!™ software versions earlier than 1.0 Service Pack 3 (1.0.3) bundle 28 These vulnerabilities each have a Common Vulnerability... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17119&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17119 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server · BlackBerry® Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 6 (4.1.6) · BlackBerry®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17118&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17118 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability exists in BlackBerry Application Web Loader ActiveX control · BlackBerry® Application Web Loader Version 1.0 · Microsoft® Internet Explorer version (all versions) BlackBerry® Web Desktop Manager No. This vulnerability has a... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB16248&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB16248 Wed, 02 Nov 2011 00:00:00 EDT TeamOn Import Object ActiveX control vulnerability · BlackBerry® Internet Service 2.0 · Microsoft® Internet Explorer® · T-Mobile® My E-mail Note: The BlackBerry Internet Solution is designed to work with T-Mobile My E-mail to give... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB13142&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB13142 Wed, 02 Nov 2011 00:00:00 EDT Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server · BlackBerry® Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5) · BlackBerry®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB15766&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB15766 Wed, 02 Nov 2011 00:00:00 EDT RIM analysis of buffer overrun in decompression algorithm · BlackBerry® Enterprise Server version 4.0 Service Pack 1 and earlier Not assigned. A report issued by Imad Lahoud of the EADS Corporate Research Center IT Security Lab in France... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04075&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04075 Wed, 02 Nov 2011 00:00:00 EDT Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware · BlackBerry® Device Software 4.0 and later · BlackBerry® Enterprise Server software version 4.0 and later Not applicable. This article describes a class... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB05499&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB05499 Thu, 28 Apr 2011 00:00:00 EDT BlackBerry 7270 smartphone does not handle SIP INVITE messages properly · BlackBerry® 7270 smartphone · BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier This vulnerability has a Common Vulnerability Scoring System (CVSS)... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB12705&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB12705 Wed, 02 Nov 2011 00:00:00 EDT Corrupt TIFF file may cause heap overflow resulting in Denial of Service in the BlackBerry Attachment Service · BlackBerry® Enterprise Server 4.0 and later · IBM® Lotus® Domino® · Microsoft® Exchange · Novell® GroupWise® Not assigned. A... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04757&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04757 Wed, 02 Nov 2011 00:00:00 EDT Updating the Microsoft GDI component that BlackBerry products use · BlackBerry® Enterprise Server software version 4.0 Service Pack 3 (4.0.3) or later · BlackBerry® Professional Software 4.1 Service Pack 4 (4.1.4) or later · Windows® 2000... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB15506&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB15506 Wed, 02 Nov 2011 00:00:00 EDT HexView advisory on BlackBerry device buffer overflow and data loss · BlackBerry® device · BlackBerry® Device Software 3.7 Service Pack 1 · BlackBerry® Enterprise Server · IBM® Lotus® Domino® · Microsoft® Exchange Not assigned.   A HexView... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB03422&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB03422 Wed, 02 Nov 2011 00:00:00 EDT Denial of Service on the BlackBerry Router · BlackBerry® Enterprise Server 4.0 through 4.0 Service Pack 3 Hotfix 4 Not assigned. An issue in the BlackBerry Enterprise Server that is known to Research In Motion has been corrected in current... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04758&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04758 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server · BlackBerry® Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 6 (4.1.6) · BlackBerry®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17953&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17953 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (software updates for BlackBerry Enterprise Server and BlackBerry Professional Software only) · BlackBerry® Enterprise Server... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB18327&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB18327 Wed, 02 Nov 2011 00:00:00 EDT Corrupt Word file may cause buffer overflow in the BlackBerry Attachment Service · BlackBerry® Enterprise Server software version 2.2 and later for IBM® Lotus® Domino® · BlackBerry Enterprise Server software version 3.6 and later for... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04791&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04791 Wed, 02 Nov 2011 00:00:00 EDT Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server Research In Motion (RIM) has tested the following software to determine which versions or editions are affected. Other versions... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB19860&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB19860 Wed, 02 Nov 2011 00:00:00 EDT Cross site scripting vulnerability in the BlackBerry Enterprise Server MDS Connection Service · BlackBerry® Enterprise Server software version 4.1.6 MR4 and earlier This vulnerability has a Common Vulnerability Scoring System (CVSS) score... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969 Wed, 02 Nov 2011 00:00:00 EDT Corrupt PNG file may cause heap overflow in the BlackBerry Attachment Service · BlackBerry® Enterprise Server software versions 4.0 (4.0.0) through 4.0 Service Pack 2 (4.0.2) · IBM® Lotus Domino® · Microsoft® Exchange · Novell® GroupWise®... http://www.blackberry.com/btsc/dynamickc.do?externalId=KB04756&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB04756 Wed, 02 Nov 2011 00:00:00 EDT