"The issue could result in remote code execution on affected BlackBerry smartphones," the Waterloo, Ontario-based company said. "Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed."
The flaw is in the WebKit browser that RIM includes in version 6 of its BlackBerry OS.
RIM said hackers can steal data from users' memory cards on some BlackBerry devices. They can also install malware by exploiting the hole, but the company said that even if attacked, the phone's emails and contacts would be safe.
The publicity is particularly bad for a company that stakes its reputation on the security and privacy of its service. RIM, which has been forced to use more third-party software to compete with the flashy features of other platforms, provides more targets to hack.
The vulnerability was discovered at the "Pwn2Own" hacking contest last week. Although contest winners are not allowed to publicize specifics of the vulnerabilities until companies have patched them, it's possible that malware authors are already aware of the flaw.
An iPhone 4 was also hacked during the contest.
The contest could actually help RIM, though, if it focuses attention on security. According to the coders who discovered the flaw, RIM's smartphone software doesn't make use of some important security techniques, and the company is heavily reliant on "security by obscurity," the fallible strategy of hiding how software works to keep hackers at bay.