BlackBerry users running the BlackBerry 6 OS should disable browser JavaScript to avoid a potential security issue, RIM says. On the heels of news that “white hat” hackers had identified and exploited a flaw in RIM’s BlackBerry 6 Webkit browser at the annual Pwn2Own hacking contest in Vancouver, B.C., BlackBerry-maker Research In Motion (RIM) has issued a security advisory instructing BlackBerry users with smartphones running the company’s BlackBerry 6 OS, as well as BlackBerry Enterprise Server (BES) administrators supporting BlackBerry 6 devices, to disable the BlackBerry Webkit browser’s JavaScript functionality. BlackBerry 6 Webkit Browser Options Screen This is the first year a Pwn2Own participant was able to “crack” RIM’s BlackBerry OS, which is typically considered the most secure mobile OS. Hackers Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann gained access to all contact information and the device image-database on a BlackBerry Torch running RIM’s BlackBerry OS 6.0.0.246, via RIM’s WebKit browser, which is only found in the company’s BlackBerry 6 OS and not previous software versions, according to ZDNet.com. In other words, the flaw only affects users running RIM’s BlackBerry 6 OS and later, and other BlackBerry owners with earlier device software need not worry about the flaw. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe On Monday, RIM released an official response to the news from Pwn2Own, issuing a security advisory that calls for all BlackBerry 6 users and administrators to disable the JavaScript function in their BlackBerry 6 Webkit browser, until RIM can release a software fix. RIM says its BlackBerry Security Incident Response Team has not received any reports that the browser flaw has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers, but it’s still a good idea to disable JavaScript just in case, especially since the exploit is now getting so much mainstream attention. To disable your Webkit Browser JavaScript, simple open your BlackBerry Browser, hit your BlackBerry Menu key, choose Options and then uncheck the box next to “Enable JavaScript,” under the Web Content section. Save your changes and you’re good to go. BES admins can disable their BlackBerry 6 users’ JavaScript in one fell swoop by employing the BES “Disable JavaScript in Browser” IT policy rule, or they can turn off the BlackBerry Browser all together via a similar IT policy, according to RIM. Additional information on the flaw, along with RIM’s suggested workarounds, can be found on the BlackBerry Technical Solution Center site. AS Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Al at asacco@cio.com Related content feature 4 reasons why gen AI projects fail Data issues are still among the chief reasons why AI projects fall short of expectations, but the advent of generative AI has added a few new twists. By Maria Korolov Oct 04, 2023 9 mins Data Science Data Science Data Science feature What a quarter century of digital transformation at PayPal looks like Currently processing a volume of payments worth over $1.3 trillion, PayPal has repeatedly staked its claim as a digital success story over the last 25 years. But insiders agree this growth needs to be constantly supported by reliable technological ar By Nuria Cordon Oct 04, 2023 7 mins Payment Systems Digital Transformation Innovation news analysis Skilled IT pay defined by volatility, security, and AI Foote Partners’ Q3 report on IT skills pay trends show AI and security skills were in high demand, and the value of cash-pay premiums was more volatile but their average value across a broad range of IT skills and certifications was slightly do By Peter Sayer Oct 04, 2023 6 mins Certifications Technology Industry IT Skills brandpost Future-Proofing Your Business with Hyperautomation By Veronica Lew Oct 03, 2023 7 mins Robotic Process Automation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe