BlackBerry browser bug makes users vulnerable to phishing attacks


A newly identified BlackBerry browser bug is making the majority of BlackBerry smartphone users vulnerable to phishing scams, Research In Motion revealed.

RIM said it has released to operators a new software update to correct the issues, but many of those updated builds may not be available publicly via U.S. operator sites, CIO.com reported.

The problem lies in how BlackBerry software handles certificates. A hacker could spoof a site BlackBerry users visit often by purposely adding "null characters" to the site certificate's Common Name field. The flaw, which was rated a medium risk on the Common Vulnerability Scoring System, prevents the browser from correctly identifying mismatched site certificates because it can't read the null characters.
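The sketch below is an added illustration, not RIM's code. It shows how an exact-match hostname check can miss a mismatch when a Common Name contains a null character, next to a check that rejects such names. It assumes the flawed check treats the Common Name as a NUL-terminated string; the function names and the `.example` domains are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: a Common Name as it would arrive from the certificate,
 * a length-prefixed byte string with a NUL embedded in the middle. */
static const unsigned char SAMPLE_CN[] = "www.bank.example\0.attacker.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed check (assumed behaviour): treats the CN as a C string, so the
 * comparison stops at the first NUL and never sees the rest. */
int naive_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                       /* the declared length is ignored */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened check: use the declared length, reject any embedded NUL, and
 * compare only when the lengths agree. */
int strict_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host);
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;                       /* malformed name: refuse to match */
    if (cn_len != host_len)
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *visited = "www.bank.example";
    printf("naive : %d\n", naive_cn_match(SAMPLE_CN, SAMPLE_CN_LEN, visited));
    printf("strict: %d\n", strict_cn_match(SAMPLE_CN, SAMPLE_CN_LEN, visited));
    return 0;
}
```

Wildcard names and subjectAltName entries are outside the scope of this sketch; the same embedded-NUL rejection applies to them.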

RIM is recommending that all BlackBerry users running OS 4.5 or higher ask their wireless operator to determine if the software update is available for their device.

For more:
- see this CIO article
