RIM ships fix for BlackBerry code execution bug

Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.From the alert:A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service.

RIM ships fix for BlackBerry code execution bug
Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:

Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.

From the alert:

A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

[ SEE: Unpatched code execution bug haunts BlackBerry ]

The bug carries a Common Vulnerability Scoring System (CVSS) base score of 9.0.

The company is urging all users to upgrade immediately  to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6).  An interim security software update that patches the flaw in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software is also available.

* Photo credit: Editor B's Flickr photostream (Creative Commons 2.0)