RIM Fixes BlackBerry Enterprise Server VulnerabilityRIM Fixes BlackBerry Enterprise Server Vulnerability
The flaw could let malicious PDFs cause problems with the BlackBerry Enterprise Server.
July 18, 2008
Research In Motion has patched a critical vulnerability in its BlackBerry Enterprise Servers that left companies vulnerable to malicious PDFs.
The bug was in the PDF distiller component of the BlackBerry Attachment Service, which runs on the BlackBerry Enterprise Server. It affected how the Adobe document format is processed, and could potentially give hackers a way into a company's network.
Malicious PDFs attached to e-mail messages opened on a smartphone could cause problems on the computer that the BlackBerry Attachment Service runs on, according to RIM. The server, not the individual handset, was at risk.
"If a BlackBerry smartphone user on BlackBerry Enterprise Server opens and views the specifically crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer," read a warning from RIM.
IT departments using BES software version 4.1 Service Pack (SP) 3 through BES v4.1 SP5 are at risk, as are users of BlackBerry Unite version 1.0 SP1 bundle 36 or earlier, according to RIM. BlackBerry Unite is a service that lets users access shared files via BlackBerry.
RIM first disclosed the vulnerability last week, and the company ranked it as a 9 on a scale of 0 to 10, with 10 representing the most critical flaw. The vulnerability gained attention after the U.S. Computer Emergency Readiness Team posted an alert Wednesday.
Prior to releasing the patch, RIM offered work-around instructions for administrators to prevent an attack by blocking PDF processing. The company received no reports of attacks, according to a RIM spokesperson.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023