Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:
Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
From the alert:
A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.
The bug carries a Common Vulnerability Scoring System (CVSS) base score of 9.0.
The company is urging all users to upgrade immediately to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6). An interim security software update that patches the flaw in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software is also available.
* Photo credit: Editor B's Flickr photostream (Creative Commons 2.0)