BlackBerry PDF flaw leaves networks open to attack

Much focus has been on the iPhone’s impact on network security, but it seems the BlackBerry has a potentially disastrous flaw which it has kept quiet and unpatched.

Business users have been warned that opening PDF files with their Blackberry devices could compromise their corporate network.

The flaw scored nine out of ten on Blackberry's common vulnerability scoring system and is seen as highly severe. RIM disclosed the vulnerability in an advisory, but so far a patch hasn't been released to deal with the problem, and no details have been given about how long it will take to deal with it.

Advertisement - Article continues below

The advisory said: "This issue has been escalated internally to our development team. No resolution time frame is currently available."

The vulnerability is specifically found in the PDF distiller of the BlackBerry Attachment Service.

A malicious user can take advantage by creating a specially made PDF file in an email message which can cause arbitrary code to execute on the device.

If the Blackberry user then views the PDF file while connected to the BlackBerry Enterprise Server of the corporate network, it can leave it open to attack.

The flaw is found on the BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 4.1 Service Pack 5 (4.1.5)

RIM has said: "In regard to the precautionary security advisory issued by RIM which informed customers about a potential vulnerability in BlackBerry Enterprise Server versions 4.1.3 through 4.1.5, there were no customer reports of any actual problems relating to this vulnerability and RIM has since provided software updates that resolve the issue."

Advertisement
Advertisement - Article continues below

It also said that the vulnerability does not exist in the newly released BlackBerry Enterprise Server 4.1.6 for Microsoft Exchange and IBM Lotus Domino.

Read more on how smartphones like the BlackBerry as well as newer gadgets like the iPhone could be used safely on a corporate network.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020