Thursday, May 28, 2009

RIM Warns of BlackBerry PDF Vulnerability

Via -

Research In Motion (RIM) has released details of a flaw in its BlackBerry Attachment Service that could allow hackers to remotely execute code and gain control of a BlackBerry Enterprise Server.

The firm said in a security advisory that multiple vulnerabilities with a Common Vulnerability Scoring System score of 9.3 have been found in the PDF distiller of the Attachment Service.

"These vulnerabilities could enable a malicious individual to send an email containing a specially crafted PDF file which, when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service," said the advisory.

RIM has issued an interim software update that fixes these issues in the affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software.

The firm advised users to disable PDF file processing on the server until these patches are rolled out, and said that users should only open attachments from trusted sources.

Graham Cluley, senior technology consultant at security vendor Sophos, said in a blog post that hackers are increasingly exploiting PDFs to deliver malware to unsuspecting business users.

"As PDFs are so widely used and shared in business most people wouldn't think twice about clicking on them, making it imperative that corporations keep their security patches and anti-malware defences up to date," he said.

No comments:

Post a Comment