Security Advisories and Notices

Research In Motion (RIM) has not reported any security issues in 2012.

Research In Motion (RIM) has reported the following security issues. The links below outline the specific issue regarding each vulnerability and the software update that addresses it.

• RIM's response to reports of applications developed by Carrier IQ - Updated (December 16, 2011)
• Elevation of privilege vulnerability in file sharing capability impacts the BlackBerry PlayBook tablet software (December 6, 2011)
• Vulnerability in a component of the BlackBerry Enterprise Server could allow one enterprise instant messaging user to impersonate another (October 11, 2011)
• Vulnerabilities in WebKit browser engine impact BlackBerry 6 (October 11, 2011)
• Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet (October 6, 2011)
• Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution (August 9, 2011)
• Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service (July 12, 2011)
• Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software (June 20, 2011)
• Vulnerability in Adobe Flash Player version included with the BlackBerry PlayBook tablet software (June 11, 2011)
• Cross-site scripting (XSS) vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server (April 12, 2011)
• Vulnerabilities in Apache Tomcat implementation impact BlackBerry Enterprise Server components (April 12, 2011)
• Vulnerability in WebKit browser engine impacts BlackBerry Device Software version 6.0 and later (March 14, 2011)
• Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (January 11, 2011)
• Partial Denial of Service (DoS) in the BlackBerry browser application (January 11, 2011)
• Vulnerability in the security of BlackBerry device backups using the BlackBerry Desktop Software (December 15, 2010)
• Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (December 14, 2010)
• Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (October 13, 2010)
• Insecure library loading in the BlackBerry Desktop Software (September 9, 2010)
• Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (December 1, 2009)
• Vulnerability in the BlackBerry Desktop Manager allows remote code execution (November 3, 2009)
• BlackBerry Browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates (September 28, 2009)
• Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (May 26, 2009)
• Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (April 16, 2009)
• Cross site scripting vulnerability in the BlackBerry Enterprise Server MDS Connection Service (April 16, 2009)
• Vulnerability exists in BlackBerry Application Web Loader ActiveX control (February 10, 2009) – Updated
• Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (January 12, 2009)
• Updating an ActiveX control that the Roxio Media Manager uses (November 27, 2008) – Updated
• Recommendation on the use of administrative roles in the BlackBerry Manager (November 26, 2008)
• Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server (July 10, 2008)
• Updating the Microsoft® GDI component that the BlackBerry® Attachment Service uses (April 28, 2008) – Updated
• TeamOn Import Object ActiveX control vulnerability (May 9, 2007) – Updated
• SIP INVITE vulnerability in From field format string on the BlackBerry® 7270 smartphone (March 27, 2007)
• BlackBerry 7270 smartphone does not handle SIP INVITE messages properly (March 27, 2007)
• SIP INVITE URI user name format string vulnerability in the BlackBerry 7270 smartphone (March 27, 2007)
• Protecting the BlackBerry device and BlackBerry® Enterprise Server against malware (March 20, 2007)
• Temporary denial of service in the BlackBerry® Browser (March 11, 2007)
• Denial of service on the BlackBerry Router (May 10, 2006)
• Browser dialogue box not properly dismissed after downloading a corrupt JAD file (May 4, 2006)
• Corrupt Word file may cause buffer overflow in the BlackBerry Attachment Service (February 9, 2006)
• Corrupt TIFF file may cause heap overflow resulting in denial of service in the BlackBerry Attachment Service (January 20, 2006)
• Corrupt PNG file may cause heap overflow in the BlackBerry Attachment Service (January 6, 2006)
• RIM analysis of buffer overrun in decompression algorithm (June 7, 2005)
• HexView advisory on BlackBerry device buffer overflow and data loss (October 29, 2004)