RIM patches 'critical' BlackBerry PDF flaw

RIM patches 'critical' BlackBerry PDF flaw

Summary: The company has patched a flaw in the way BlackBerry server software opens PDFs that exposes corporate networks to attack

TOPICS: Security

RIM has released a patch for a security flaw in BlackBerry Enterprise Server that exposed corporate networks to hackers via maliciously crafted PDF documents.

RIM announced the "highly critical" security advisory two weeks ago, saying that a booby-trapped PDF could exploit a hole in RIM's server software to gain remote access to corporate networks.

The flaw affected the BlackBerry Attachment Service — a function within BlackBerry Enterprise Server that is used to process PDF attachments and make them readable by BlackBerry users on that network.

The flaw did not expose BlackBerry devices to attack, but could expose email servers on the same network as BlackBerry Enterprise Server to attack, Sense of Security's principal consultant, Jason Edelstein, told ZDNet.com.au.

RIM's initial workaround was to prevent the BlackBerry Attachment Service from processing PDF files within the BlackBerry Enterprise Server. The patch is now available from RIM's website.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion