RIM urges Blackberry users to disable Javascript after web browsing vulnerability revealed

Research in Motion (RIM) is advising Blackberry smartphone users to disable Javascript to protect against a security vulnerability in its web browser.

An issue with the browser rendering engine, WebKit, provided in Blackberry Device Software version 6.0 and later, means hackers could gain access to user data stored on Blackberry smartphone media cards and media storage. Disabling the use of Javascript in the Blackberry browser prevents exploitation of the vulnerability.

"The issue could result in remote code execution on affected BlackBerry smartphones," RIM said. "Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed."

Turning off Javascript may affect browsing experience and the ability to view web pages. But RIM reassures users that data in e-mail, calendar and the contact applications store in application storage is not at risk.

See RIM's website for details about how to disable Javascript. If you are a Blackberry Enterprise Server administrator you can turn off JavaScript support using the 'Disable JavaScript in Browser' IT policy rule.

The security vulnerability was exposed at this year's CanSecWest Pwn2Own contest, where hackers were able to retrieve contact list information and image files from a Blackberry Torch 9800.

Affected Blackberry devices include Bold 9650, 9700 and 9780; Curve 9300; Pearl 9100, Style 9670 and Torch 9800.

The Blackberry Security Incident Response Team has not reported any affected Blackberry users.