Research In Motion (RIM) has notified details of a serious vulnerability in its BlackBerry Attachment Service that could enable hackers seize control over BlackBerry Enterprise Server and execute codes remotely.
In a security advisory, the BlackBerry maker warned about a vulnerability that tricks users into opening an email with a malformed PDF attachment, opening which could inject malicious codes onto a server carrying the BlackBerry Attachment Service.
Notifying the gravity of the flaw, the company in its advisory said that when the maliciously crafted PDF file is opened on a BlackBerry handset, it “could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service”.
However, RIM has already issued an interim software update to plug these security holes in the affected iterations of the BlackBerry Professional Software as well as BlackBerry Enterprise Server.
The company further urged users to disable PDF file processing on the affected servers until the complete security fixes are rolled out, and asserted that they should open email attachments from reliable sources only.
You can follow ITProPortal.com on Twitter @itproportal.
Our Comments
This PDF issue has called for more responsive security mechanisms and up to date security patches from the corporations, as these flaws can affect the users badly. That said, RIM seems to be fundamentally more secure than other competitors.
Related Links
RIM Warns Of BlackBerry PDF Flaw
(Channel Web)
RIM warns of BlackBerry PDF vulnerability
(Vnunet)
(IT Business Edge)
(The Register)
RIM patches another BlackBerry Enterprise Server PDF flaw
(Computerworld)
BlackBerry Enterprise Server PDF problems patched by RIM
(Product Reviews)