RIM ships fix for BlackBerry code execution bug

Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:

Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.

From the alert:

A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

[ SEE: Unpatched code execution bug haunts BlackBerry ]

The bug carries a Common Vulnerability Scoring System (CVSS) base score of 9.0.

The company is urging all users to upgrade immediately to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6). An interim security software update that patches the flaw in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software is also available.


Topics: Hardware, Mobility, BlackBerry


Talkback

2 comments
  • This article is almost a week late.....(Finally)

    You write this article on July 22nd and I quote from the article:
    "Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server."

    Your article does a great disservice to the folks at RIM since both an interim fix and the unaffected Service Pack 6 for 4.1 for Exchange have been out since July 17th.

    I would not take exception to this article and always read them but your statement that "Research in Motion (RIM) has finally shipped patches to cover the issue..." is inaccurate by almost a week.

    We have slightly over 300 BES users and when RIM or a third party identifies issues, RIM is usually quicker than most other companies to supply fixes, patches, and service packs (subliminal: Microsoft, Apple, REAL).

    This article should have appeared last Friday the 18th but we're all glad that you "Finally" got around to noticing that the fix is out, too bad you didn't take notice of when it was out.
    dunn@...
  • RE: RIM ships fix for BlackBerry code execution bug

    Should've read "ZDNet finally posts news of Blackberry bug fix" Haha
    ZDNET_guest666