BlackBerrys at risk from PDF flaw

Summary: Critical security flaws in a component of BlackBerry Enterprise Server could leave systems open to denial-of-service or hack attack, RIM has warned

TOPICS: Security

Research In Motion has pushed out patches for critical security issues in its BlackBerry Enterprise Server middleware product.

BlackBerry Enterprise Server (BES) suffers from multiple vulnerabilities in its attachment service, RIM said in a security advisory on Tuesday. The memory corruption flaws in BlackBerry Attachment Service could allow an attacker to send a malformed PDF to a smartphone. If the document is opened, it could crash the service or give the hacker unfettered access to a computer hosting the service, the company said. BlackBerry Attachment Service is a component of BES.

The security holes affect PDF distillers in BES version 5.0.0 for Windows Server 2008, 2003, and 2000. The flaws on systems running BES 5.0.0 for Windows Server 2000 are more serious, said the handset maker, as Windows Server 2008 and 2003 have default security settings that mitigate the severity of the flaws.

Vulnerabilities are also present in BES versions 4.1.3 to 4.1.7, and BlackBerry Professional Software 4.1.4.

RIM recommended that administrators upgrade to unaffected versions of BES — for example, for BES 5.0 for Exchange and Domino, they should move to 5.0.1. Alternatively, IT managers can apply interim security updates, according to the advisory. A workaround is to disable BlackBerry Attachment Service (BAS).

BlackBerry Attachment Service has suffered various vulnerabilities over several years. For example, it had a similar PDF distiller flaw in July last year. The component was last patched in May, and it has been patched five times this year.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
