RIM Publishes Full Security Advisory for Old BlackBerry 6 WebKit Vulnerability

http://img.berryreview.com/wp-content/uploads/2011/03/BlackBerryTorch9800hacked.

This latest security advisory goes to show why RIM’s current model for carrier approved OS updates is not ideal. RIM put out what they call a security notice about a BlackBerry 6 WebKit browser vulnerability back in March of this year for an exploit found in the BlackBerry 6 Browser at Pwn2Own that month. RIM said back then that devices updated to OS 6.0.0.526+ were safe from the vulnerability. They then finally issued a security advisory this week for the same old vulnerability with quite a few more details about it.

The reason RIM took so long to release the advisory was because RIM had to wait for carriers to approve the security software update. RIM provided the fix within two weeks of learning of the vulnerability. Now SIX MONTHS LATER RIM has found that “a sufficient number of wireless services providers” have made the update available to their customers.

Here is RIM’s explanation for the delay...