Research in Motion issued a security alert today for its customers who use the BlackBerry Application Web Loader and Microsoft Internet Explorer.
Basically, the web loader's ActiveX control has a vulnerability that can allow someone to attack the device remotely or cause the browser to crash.
In the company's own words:
An exploitable buffer overflow exists in the BlackBerry Application Web Loader ActiveX control that Internet Explorer uses to install applications on BlackBerry devices. ... When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.
The site offers two solutions: a workaround to disable the ActiveX control or an updated version of the web loader to install.

Information Week cites a report released by IBM earlier this month that indicates this is not all that unusual for ActiveX controls. The controls "accounted for 46% of all browser-related vulnerability disclosures in 2008," the report said, and for 66% of "critical" or "high" vulnerabilities.
The main victims, the report said, tended to be users who didn't update their browsers. So, when the next version of your browser comes out, you just might want to download and install it.