Research in Motion has warned users and corporate administrators of a critical vulnerability in a component of its BlackBerry Enterprise Server that could be used to hack their company's computers.
The US Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, also posted an alert Wednesday after RIM issued two security advisories.
A patch is not available, but RIM said the problem had been "escalated internally to our development team."
A bug in the PDF distiller component of the BlackBerry Attachment Service, which runs on the BlackBerry Enterprise Server (BES), affects how the popular Adobe document format is processed on the server, said RIM in one of the advisories.
The server running BES, not individual BlackBerry devices, is at risk, although an attack would involve a BlackBerry.
Malicious PDFs attached to e-mail messages could "cause arbitrary code to execute on the computer that the BlackBerry Attachment Service runs on," the RIM warning said. "If a BlackBerry smart phone user on a BlackBerry Enterprise Server opens and views the specially crafted PDF file attachment on the BlackBerry smart phone, the arbitrary code execution could compromise the computer."
RIM posted workaround instructions for enterprise administrators that would prevent an attack by blocking PDF processing on a BES system.
A companion RIM security advisory urged BlackBerry users to upgrade to version 1.0 Service Pack 1 (1.0.1) bundle 36 or later of the BlackBerry Unite software.