BlackBerry PDF flaw leaves networks open to attack
By Asavin Wattanajantra,
Business users have been warned that opening PDF files with their Blackberry devices could compromise their corporate network.
The flaw scored nine out of ten on Blackberry’s common vulnerability scoring system and is seen as highly severe. RIM disclosed the vulnerability in an advisory, but so far a patch hasn’t been released to deal with the problem, and no details have been given about how long it will take to deal with it.
The advisory said: “This issue has been escalated internally to our development team. No resolution time frame is currently available.”
The vulnerability is specifically found in the PDF distiller of the BlackBerry Attachment Service.
A malicious user can take advantage by creating a specially made PDF file in an email message which can cause arbitrary code to execute on the device.
If the Blackberry user then views the PDF file while connected to the BlackBerry Enterprise Server of the corporate network, it can leave it open to attack.
The flaw is found on the BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5)
RIM has said: "In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue."
It also said that the vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6 for Microsoft Exchange and IBM Lotus Domino.
Read more on how smartphones like the BlackBerry as well as newer gadgets like the iPhone could be used safely on a corporate network.
Related Tags
advertisement
Latest Security Features
IT around the world: Russia
In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
- Where will IT be in 2015?
- Q&A: John Stewart, Cisco's chief security officer
- NHS IT - something to celebrate?
- Q&A: Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
Latest Security Reviews
AVG Internet Security SBS Edition 8.0
Rating: 
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?