According to RIM, it is possible to trick a user into thinking they are on a trusted and secure web site using a null character in the domain certificate when they click a link in an email or SMS message. What may appear to be a simple domain mismatch error is a bug that could be used against anyone who is unaware of the vulnerability.
From RIM's article:
"This advisory relates to a BlackBerry Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name."
To correct this issue, RIM recommends that you upgrade your OS to the latest version. However, and this is a little alarming, it is up to the carrier to release the updated OS, which none have done yet. The table below shows which versions are affected and which version you need to upgrade to in order to patch the vulnerability.
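The display problem RIM describes can be shown from the defender's side. The following is an added example, not code from RIM or from the BlackBerry Browser: it renders both names with hidden characters made visible, so the reason for a mismatch is shown to the user. The function names, the sample domain names, and the policy of rejecting any name that contains a hidden character are assumptions of the example.

```python
import unicodedata

# Unicode categories that most UI text widgets draw as nothing:
# Cc = control characters (includes NUL), Cf = format characters (zero-width, bidi).
HIDDEN_CATEGORIES = {"Cc", "Cf"}


def hidden_chars(name):
    """Return (position, code point) for every character a dialog would not draw."""
    return [(i, ord(c)) for i, c in enumerate(name)
            if unicodedata.category(c) in HIDDEN_CATEGORIES]


def visible(name):
    """Render a name for display, replacing hidden characters with <U+XXXX>."""
    return "".join("<U+%04X>" % ord(c)
                   if unicodedata.category(c) in HIDDEN_CATEGORIES else c
                   for c in name)


def describe_mismatch(site_name, cert_name):
    """Compare both names in full and build the text a warning dialog should show."""
    clean = not hidden_chars(site_name) and not hidden_chars(cert_name)
    # Assumed policy: a name carrying a hidden character never counts as a match.
    if clean and site_name.lower() == cert_name.lower():
        return {"match": True, "message": "Names match: " + site_name}
    lines = ["Site name:        " + visible(site_name),
             "Certificate name: " + visible(cert_name)]
    for label, name in (("site name", site_name),
                        ("certificate name", cert_name)):
        for pos, cp in hidden_chars(name):
            lines.append("Hidden character U+%04X at position %d in the %s"
                         % (cp, pos, label))
    return {"match": False, "message": "\n".join(lines)}


if __name__ == "__main__":
    # Constructed sample names using reserved .example domains.
    site = "secure.example\x00.other.example"
    cert = "secure.example"
    print(describe_mismatch(site, cert)["message"])
```
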
Yeah I found a boatload of posts ABOUT it...not sure if it is being pushed to everyone yet. I tried to complete a wireless update via VZW but I get an error. QuickPull and re-checking but I doubt it. I'm running the .53 release that was found the other day. We'll see.
Yeah really. If I could ever get my Tour to connect to my PC while I was running 5.0 I would keep it. I get "USB charging is insufficient" on every port, powered hub, and camel in sight. I finally was able to wipe it (after about 1 hour on two computers) and revert to .53. But I miss it