RIM patches BlackBerry PDF vulnerability

IT departments should prevent attachment service from processing any PDF files

Research in Motion (RIM) has issued a new security patch for BlackBerry Enterprise Server to fix vulnerabilities in its PDF distiller program.

The patch was issued on a BlackBerry forum last week and was billed as a fix for any customers that use BlackBerry Enterprise Server (BES) versions 4.1 through 5.0. RIM said that there were "multiple security vulnerabilities" that existed in some versions of the enterprise servers' PDF distiller that were released as part of the BlackBerry Attachment Service.

The vulnerabilities could allow hackers to send users e-mails containing a "specifically crafted PDF file" that could cause memory corruption and "possibly lead to arbitrary code execution" of the computer hosting the attachment service.

While companies take time to test the new patch on their systems, RIM recommends that IT departments prevent the attachment service from processing any PDF files that come through the BES environment (instructions for disabling PDF downloads can be found here).

RIM also says that companies could install the attachment service onto a remote computer and place it in its own remote network segment to stop the spread of malicious PDF files throughout the network.

More about: BlackBerry, Motion, RIM
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the TechWorld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: blackberry enterprise server, pdf, research in motion, RIM BlackBerry
Whitepapers
All whitepapers
 
rhs_login_lockGet exclusive access to Techworld news, reports & analysis.

Twitter Feed

Whitepapers

- + c

Latest News

- + c
more