Michael Kemp has discovered a denial of service issue in the BlackBerry Browser. An BlackBerry device running OS version 4.2 or earlier would be affected as RIM has released a patched version 4.2.1 which fixes this issue.
Here is how the vulnerability works:
- Construct a WML page that contains an overly long string value within a link (e.g.: a href=”aaaaaaaaaaaaaaaaaaa” etc.).
- Now navigate to this link with your BlackBerry Browser.
- Commence temporary Denial of Service within the 4thPass browser component on the device, and temporary device inoperability.
The only ways out of this DoS is to either wait it out or pull the battery. The amount of time you wait is relative to the size of the link causing the attack.
I have personally experienced this with my BlackBerry 8700 though I didn’t know what was causing it at the time.
More info:
RIM Bulletin
BugTraq
