RIM ships fix for BlackBerry code execution bug
Research In Motion (RIM) has finally shipped patches for the code execution bug, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
From the alert:
A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.
The bug carries a Common Vulnerability Scoring System (CVSS) base score of 9.0.
The company is urging all users to upgrade immediately to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6). An interim security software update that patches the flaw in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software is also available.