Research In Motion (RIM) has notified details of a serious vulnerability in its BlackBerry Attachment Service that could enable hackers seize control over BlackBerry Enterprise Server and execute codes remotely.
In a security advisory, the BlackBerry maker warned about a vulnerability that tricks users into opening an email with a malformed PDF attachment, opening which could inject malicious codes onto a server carrying the BlackBerry Attachment Service.
Notifying the gravity of the flaw, the company in its advisory said that when the maliciously crafted PDF file is opened on a BlackBerry handset, it “could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service”.
However, RIM has already issued an interim software update to plug these security holes in the affected iterations of the BlackBerry Professional Software as well as BlackBerry Enterprise Server.
The company further urged users to disable PDF file processing on the affected servers until the complete security fixes are rolled out, and asserted that they should open email attachments from reliable sources only.
You can follow ITProPortal.com on Twitter @itproportal (opens in new tab).
Our Comments
This PDF issue has called for more responsive security mechanisms and up to date security patches from the corporations, as these flaws can affect the users badly. That said, RIM seems to be fundamentally more secure than other competitors.
Related Links
RIM Warns Of BlackBerry PDF Flaw (opens in new tab)
(Channel Web)
RIM warns of BlackBerry PDF vulnerability (opens in new tab)
(Vnunet)
RIM Patches PDF Flaw (opens in new tab)
(IT Business Edge)
RIM warns over PDF peril (opens in new tab)
(The Register)
RIM patches another BlackBerry Enterprise Server PDF flaw (opens in new tab)
(Computerworld)
BlackBerry Enterprise Server PDF problems patched by RIM (opens in new tab)
(Product Reviews)
