RIM ships fix for BlackBerry code execution bug

Summary:Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.From the alert:A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service.

RIM ships fix for BlackBerry code execution bug
Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:

Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.

From the alert:

A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

[ SEE: Unpatched code execution bug haunts BlackBerry ]

The bug carries a Common Vulnerability Scoring System (CVSS) base score of 9.0.

The company is urging all users to upgrade immediately  to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6).  An interim security software update that patches the flaw in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software is also available.

* Photo credit: Editor B's Flickr photostream (Creative Commons 2.0)

Topics: Hardware, BlackBerry, Mobility

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.