BlackBerry PDF flaw leaves networks open to attack
Much focus has been on the iPhone’s impact on network security, but it seems the BlackBerry has a potentially disastrous flaw which it has kept quiet and unpatched.
Business users have been warned that opening PDF files with their Blackberry devices could compromise their corporate network.
The flaw scored nine out of ten on Blackberry's common vulnerability scoring system and is seen as highly severe. RIM disclosed the vulnerability in an advisory, but so far a patch hasn't been released to deal with the problem, and no details have been given about how long it will take to deal with it.
The advisory said: "This issue has been escalated internally to our development team. No resolution time frame is currently available."
The vulnerability is specifically found in the PDF distiller of the BlackBerry Attachment Service.
A malicious user can take advantage by creating a specially made PDF file in an email message which can cause arbitrary code to execute on the device.
If the Blackberry user then views the PDF file while connected to the BlackBerry Enterprise Server of the corporate network, it can leave it open to attack.
The flaw is found on the BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5)
RIM has said: "In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue."
It also said that the vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6 for Microsoft Exchange and IBM Lotus Domino.
Read more on how smartphones like the BlackBerry as well as newer gadgets like the iPhone could be used safely on a corporate network.
Successful digital transformations are future ready - now
Research findings identify key ingredients to complete your transformation journeyDownload now
Cyber security for accountants
3 ways to protect yourself and your clients onlineDownload now
The future of database administrators in the era of the autonomous database
Autonomous databases are here. So who needs database administrators anymore?Download now
The IT expert’s guide to AI and content management
Your guide to the biggest opportunities for IT teams when it comes to AI and content managementDownload now