BlackBerry PDF flaw leaves networks open to attack

Much focus has been on the iPhone’s impact on network security, but it seems the BlackBerry has a potentially disastrous flaw which it has kept quiet and unpatched.

Business users have been warned that opening PDF files with their Blackberry devices could compromise their corporate network.

The flaw scored nine out of ten on Blackberry's common vulnerability scoring system and is seen as highly severe. RIM disclosed the vulnerability in an advisory, but so far a patch hasn't been released to deal with the problem, and no details have been given about how long it will take to deal with it.

Advertisement - Article continues below

The advisory said: "This issue has been escalated internally to our development team. No resolution time frame is currently available."

The vulnerability is specifically found in the PDF distiller of the BlackBerry Attachment Service.

A malicious user can take advantage by creating a specially made PDF file in an email message which can cause arbitrary code to execute on the device.

If the Blackberry user then views the PDF file while connected to the BlackBerry Enterprise Server of the corporate network, it can leave it open to attack.

The flaw is found on the BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5)

RIM has said: "In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue."

Advertisement
Advertisement - Article continues below

It also said that the vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6 for Microsoft Exchange and IBM Lotus Domino.

Read more on how smartphones like the BlackBerry as well as newer gadgets like the iPhone could be used safely on a corporate network.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020