/>
X

BlackBerrys at risk from PDF flaw

Critical security flaws in a component of BlackBerry Enterprise Server could leave systems open to denial-of-service or hack attack, RIM has warned
tom-espiner.jpg
Written by Tom Espiner, Senior Reporter on

Research In Motion has pushed out patches for critical security issues in its Blackberry Enterprise Server middleware product.

BlackBerry Enterprise Server (BES) suffers from multiple vulnerabilities in its attachment service, RIM said in a security advisory on Tuesday. The memory corruption flaws in BlackBerry Attachment Service could allow an attacker to send a malformed PDF to a smartphone. If the document is opened, it could crash the service or give the hacker unfettered access to a computer hosting the service, the company said. BlackBerry Attachment Service is a component of BES.

The security holes affect PDF distillers in BES version 5.0.0 for Windows Server 2008, 2003, and 2000. The flaws on systems running BES 5.0.0 for Windows Server 2000 are more serious, said the handset maker, as Windows Server 2008 and 2003 have default security settings that mitigate the severity of the flaws.

Vulnerabilities are also present in BES versions 4.1.3 to 4.1.7, and Blackberry Professional Software 4.1.4.

RIM recommended that administrators upgrade to unaffected versions of BES — for example, for BES 5.0 for Exchange and Domino, they should move to 5.0.1. Alternatively, IT managers can apply interim security updates, according to the advisory. A workaround is to disable BAS.

BlackBerry Attachment Service has suffered various vulnerabilities over several years. For example, it had a similar PDF distiller flaw in July last year. The component was last patched in May, and it has been patched five times this year.

Related

McDonald's and Chick-fil-A both have a big problem. Only one has a solution
screen-shot-2022-06-28-at-6-24-27-pm.png

McDonald's and Chick-fil-A both have a big problem. Only one has a solution

Business
On July 12, we'll see the universe like never before
51656393132-ca88bc21e3-k

On July 12, we'll see the universe like never before

Space
Chick-fil-A has a problem that's out of control (and technology can't fix it)
screen-shot-2022-03-14-at-9-38-08-am.png

Chick-fil-A has a problem that's out of control (and technology can't fix it)

Enterprise Software