The bug was in the PDF distiller component of the BlackBerry Attachment Service, which runs on the BlackBerry Enterprise Server. It affected how the Adobe document format is processed, and could potentially give hackers a way into a company's network.
Malicious PDFs attached to e-mail messages opened on a smartphone could cause problems on the computer that the BlackBerry Attachment Service runs on, according to RIM. The server, not the individual handset, was at risk.
"If a BlackBerry smartphone user on BlackBerry Enterprise Server opens and views the specifically crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer," read a warning from RIM.
IT departments using BES software version 4.1 Service Pack (SP) 3 through BES v4.1 SP5 are at risk, as are users of BlackBerry Unite version 1.0 SP1 bundle 36 or earlier, according to RIM. BlackBerry Unite is a service that lets users access shared files via BlackBerry.
RIM first disclosed the vulnerability last week, and the company ranked it as a 9 on a scale of 0 to 10, with 10 representing the most critical flaw. The vulnerability gained attention after the U.S. Computer Emergency Readiness Team posted an alert Wednesday.
Prior to releasing the patch, RIM offered work-around instructions for administrators to prevent an attack by blocking PDF processing. The company received no reports of attacks, according to a RIM spokesperson.