RIM Patches Blackberry Enterprise Server PDF Vulnerability

Research In Motion (RIM) has disclosed details of a serious vulnerability in its BlackBerry Attachment Service that could enable hackers to seize control of BlackBerry Enterprise Server and execute code remotely.

In a security advisory, the BlackBerry maker warned about a vulnerability in which users are tricked into opening an email with a malformed PDF attachment; opening it could inject malicious code onto a server running the BlackBerry Attachment Service.

Underlining the gravity of the flaw, the company said in its advisory that when the maliciously crafted PDF file is opened on a BlackBerry handset, it “could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service”.

However, RIM has already issued an interim software update to plug these security holes in the affected versions of BlackBerry Professional Software and BlackBerry Enterprise Server.

The company further urged users to disable PDF file processing on the affected servers until the complete security fixes are rolled out, and advised them to open email attachments only from reliable sources.

Our Comments

This PDF issue calls for more responsive security mechanisms and up-to-date security patches from corporations, as these flaws can affect users badly. That said, RIM seems to be fundamentally more secure than its competitors.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.