BlackBerry fixes critical Enterprise Server flaw

RIM issues patches and a workaround for a critical vulnerability in its BlackBerry Enterprise Server.

BlackBerry

RIM has issued a fix for a serious security flaw in various versions of its BlackBerry Enterprise Server (BES).

The BlackBerry manufacturer has not only issued patches for all affected versions, but offered a workaround for any administrators who were unable to download the fixes for whatever reason.

The buffer overflow vulnerability could cause the service to crash or allow for remote code execution.

"The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files," RIM noted in an advisory.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Successful exploitation of this vulnerability requires a malicious individual to persuade a BlackBerry smartphone user to open a specially-crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server."

The vulnerability was given a score of 9.3 out of 10 on the Common Vulnerability Scoring System - an industry open standard designed to show how severe a flaw is.

BES is the software organisations use to manage their BlackBerry deployments. It lets businesses coordinate operations such as messaging and calendar entries.

The flaw cannot affect BlackBerry devices directly, RIM said.

The affected software versions include:

BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange

Advertisement - Article continues below

BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino

BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino

BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise

BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/pdf-software/29855/why-it-s-time-to-take-your-documents-digital
document management systems (DMS)

Why it’s time to take your documents digital

7 Feb 2020
Visit/mobile/23617/the-best-smartphones-to-buy
Mobile

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/cyber-attacks/354747/apple-mac-malware-detections-overtake-windows-for-the-first-time
cyber attacks

Apple Mac malware detections overtake Windows for the first time

11 Feb 2020